Allowing 1M open files per unprivileged process is too many.
Megabytes of RAM are precious. A hard limit of 1M open files per process allows each process to eat at least 256MB (1M * sizeof(struct file) [linux/fs.h]) of RAM. If a single user is allowed 1000 processes, then that's 256GB of RAM, which is a Denial-of-Service attack. Yes, 4096 open files is not enough. Raise it to 65536. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
