From: John-Mark Gurney
Date: Thu, 10 Sep 2015 14:14:17 -0700
To: Eric van Gyzen
Cc: Adrian Chadd, Warner Losh, Ed Maste, "src-committers@freebsd.org", "svn-src-all@freebsd.org", "svn-src-head@freebsd.org"
Subject: Re: svn commit: r287606 - head/sys/kern
Message-ID: <20150910211417.GY33167@funkthat.com>

Eric van Gyzen wrote this message on Thu, Sep 10, 2015 at 14:56 -0500:
> On 09/10/2015 12:53, John-Mark Gurney wrote:
> > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700:
> >> On 10 September 2015 at 09:04, Warner Losh wrote:
> >>>
> >>>
> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste wrote:
> >>>>
> >>>> On 10 September 2015 at 04:05, Adrian Chadd wrote:
> >>>>> Author: adrian
> >>>>> Date: Thu Sep 10 04:05:58 2015
> >>>>> New Revision: 287606
> >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606
> >>>>>
> >>>>> Log:
> >>>>> Also make kern.maxfilesperproc a boot time tunable.
> >>>>> ...
> >>>>> TODO:
> >>>>
> >>>> Also "we" should
> >>>> * Submit patches upstream or to the ports tree to use closefrom
> >>>
> >>>
> >>> I thought the consensus was that we'd fix things to have fewer FDs
> >>> by default, but instead allow individual processes to raise it via the
> >>> usual methods.
>
> We could--and should--do both, because they're both good ideas.
>
> >> I'm looking at how to do this in a somewhat sensible fashion. Right
> >> now we just have openfiles=unlimited; in /etc/login.conf which seems a
> >> little odd. I don't know yet if that affects the default set that
> >> services started via /etc/rc get - init gets the whole default
> >> maxfilesperproc and stuff seems to inherit from that unless told
> >> otherwise.
> >>
> >> I think the more sensible default would be:
> >>
> >> * set /etc/login.conf to some much lower values - say, 4k soft, 64k hard;
> >> * root can always override its settings up to kern.maxfilesperproc;
> >> * modify /etc/rc to set some default rlimits as appropriate;
> >
> > We should probably just use the daemon class from login.conf... Do we
> > have a program that will set the current limits to a specified class?
>
> See limits(1). The apache rc.d script uses it, along with some related
> rc.conf variables.

So, one issue w/ limits is that it only does the limits side of things,
not environment or cpusets... see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=161401

limits doesn't address PATH and other environment variables...

We should have rc.subr set up the environment completely when executing
the daemon/scripts instead of depending upon any of this..

It turns out that init doesn't set up the environment vars provided by
login.config either...

> >> * introduce configuration options ({daemon_rlimit_XXX}?) in
> >> /etc/rc.conf that lets someone override what the default rlimits
> >> should be for a given process, as (and I'm not making this up) if you
> >> run 'service XXX restart' from a root login you get the rlimits from
> >> the shell, which may differ from the system startup.
> >
> > Why not daemon_login_class w/ the above?
> >
> >> That way we can set up various services to have higher openfile limits
> >> via /etc/rc.conf entries for those services rather than having to hack
> >> each startup script. It also means that no matter what is running
> >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits.
> >
> > Then service would just use the above program to get sane defaults...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
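
The thread's concern that a service restarted from a root shell inherits that shell's rlimits, rather than the limits it gets at system startup, comes down to a launcher pinning `RLIMIT_NOFILE` itself before exec. The sketch below is an added example, not code from this thread or from FreeBSD; the helper names `set_nofile` and `daemon_soft_limit`, and the use of the "4k soft, 64k hard" figures as constants, are assumptions for illustration.

```c
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* "4k soft, 64k hard" as floated in the thread; illustrative values only. */
#define SVC_NOFILE_SOFT 4096
#define SVC_NOFILE_HARD 65536

/* Pin RLIMIT_NOFILE; if the hard limit cannot be raised (unprivileged
 * caller), clamp the request to the inherited hard limit and retry. */
static int set_nofile(rlim_t soft, rlim_t hard)
{
    struct rlimit cur, want = { .rlim_cur = soft < hard ? soft : hard, .rlim_max = hard };

    if (getrlimit(RLIMIT_NOFILE, &cur) != 0)
        return -1;
    if (setrlimit(RLIMIT_NOFILE, &want) == 0)
        return 0;
    want.rlim_max = cur.rlim_max < hard ? cur.rlim_max : hard;
    want.rlim_cur = soft < want.rlim_max ? soft : want.rlim_max;
    return setrlimit(RLIMIT_NOFILE, &want);
}

/* Child mimics the invoking shell's soft limit (constructed input), applies the
 * service limits as a launcher would before exec; returns the soft limit or -1. */
long daemon_soft_limit(rlim_t shell_soft)
{
    int fd[2];
    long seen = -1;
    struct rlimit rl;
    pid_t pid;

    if (pipe(fd) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(1);
        rl.rlim_cur = shell_soft < rl.rlim_max ? shell_soft : rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);
        if (set_nofile(SVC_NOFILE_SOFT, SVC_NOFILE_HARD) == 0 &&
            getrlimit(RLIMIT_NOFILE, &rl) == 0)
            seen = (long)rl.rlim_cur;
        _exit(write(fd[1], &seen, sizeof(seen)) < 0); /* real launcher: execv() */
    }
    close(fd[1]);
    if (read(fd[0], &seen, sizeof(seen)) != (ssize_t)sizeof(seen))
        seen = -1;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return seen;
}
```

Calling `daemon_soft_limit(256)` and `daemon_soft_limit(1024)` yields the same value, because the child overrides whatever soft limit it inherited. As the reply above notes for limits(1), this covers only the limits side, not the environment or cpusets.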