Date: Sun, 28 Sep 2008 08:29:20 +1000 From: Aristedes Maniatis <ari@ish.com.au> To: Gary Palmer <gpalmer@freebsd.org> Cc: freebsd-stable Stable <freebsd-stable@freebsd.org> Subject: Re: sysctl maxfiles Message-ID: <51E08B08-167D-4787-BC91-11FB20B6E118@ish.com.au> In-Reply-To: <20080927221807.GE60230@in-addr.com> References: <98425339-23F8-4A90-8CF1-2E85DD82D857@ish.com.au> <20080927030204.GB40195@icarus.home.lan> <DD7C3A8F-B239-4519-A5C5-D2D5F4BC36BD@ish.com.au> <20080927221807.GE60230@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28/09/2008, at 8:18 AM, Gary Palmer wrote: > At least one port recommends you set > > kern.maxfiles="40000" > > in /boot/loader.conf. I think its one of the GNOME ports. I'm pretty > confident you can run that without too many problems, and maybe go > higher, > but if you really want to know the limit its probably kernel memory > and > that will depend on your workload. I guess then I should ask the question a different way. How much memory does each fd use and which pool of memory does it come from? This is ZFS if that makes any difference. Or asked a different way, if I set the number to 200,000 and some rogue process used 190,000 fds, then what bad thing would happen to the system? If any. > Solving the fd leak is by far the safest path. Note that tracking > that many files is probably affecting your application performance > in addition to hurting the system. Absolutely. We are working on it. But general Unix principles are that a non-root user should not be able to get Unix to a non-functional state. It appears that this is a very simple path to DoS, particularly since with the default settings it is easy for one process to use up all available fds and leave no more for anyone to be able to log in. Ari Maniatis --------------------------> ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51E08B08-167D-4787-BC91-11FB20B6E118>