On Sat, Mar 21, 2009 at 03:27:27PM +0100, Josselin Mouette wrote: > Le samedi 21 mars 2009 à 01:48 +0000, Debian Bug Tracking System a > écrit : > > > * 027_pam_limits_better_init_allow_explicit_root: set the > > > RLIMIT_MEMLOCK > > > limit correctly to match the kernel default, which is not > > > RLIM_INFINITY. > > > Closes: #472629.
> Thanks for this change. > However, I see (from what I understand of the code) that you changed the > default to 64 KiB. This is unfortunately still not enough for > gnome-keyring, which often needs to cache quite a number of keys and > passwords. > The upstream recommendation is to set the limit to 256 KiB, and it looks > more than reasonable on a system with 1 GiB of RAM. Which upstream? gnome-keyring upstream? The kernel upstream is still setting 64KB as the default, and for the moment PAM is shadowing this same limit (used to ensure defaults are restored on su or other session change). I'm not opposed to raising the default, but would like to have a clearer rationale for the specific value than "gnome-keyring might use this amount". If we're just going to use high-water marks, there's no assurance that we won't have to change this value yearly, or worse, and I'd rather not be chasing my tail on this. I would like to be able to justify the value we pick to kernel upstream if necessary (and in fact, I think that if pam_limits changes its default, the kernel should also). FWIW, I agree that 256KB is a reasonable value in terms of memory usage on even embedded Debian systems. Also FWIW, I use gnome-keyring (plus seahorse, I guess; argh, too many interlocking parts) on amd64 (the land of the giant pointers) and my personal high water mark appears to be below 64K. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org