Your message dated Mon, 03 Jul 2017 17:24:11 +0000 with message-id <e1ds551-0004kv...@fasolo.debian.org> and subject line Bug#865449: fixed in systemd 233-10 has caused the Debian Bug report #865449, regarding src:systemd: LimitNOFILE does not work as advertised to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865449 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: systemd Version: 232-25 Severity: important Tags: patch stretch fixed-upstream Dear Maintainers, I recently tried to tune the RLIMIT_NOFILE value for a service requiring more than the default 4096 open file descriptors by adding /etc/systemd/system/$SERVICE.d/override.conf files: ,---- | [Service] | LimitNOFILE=300000 `---- After restarting the service, I checked /proc/$PID/limits of the processes belonging to the service and found that, indeed, the "Max open files" line had been changed from the previous values 1024/4096 (soft limit/hard limit). However, the limits had only been raised to 65536/65536. I found that a similar-looking problem has been reported in Ubuntu as <https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1686361> and that a patch for this has been accepted upstream: ,---- | commit 25ad0e0c1119411b10c314771824569d895a7df4 | Author: Christian Brauner <christian.brau...@ubuntu.com> | Date: Wed Apr 26 06:18:10 2017 +0200 | | main: improve RLIMIT_NOFILE handling (#5795) | | This has systemd look at /proc/sys/fs/nr_open to find the current maximum of | open files compiled into the kernel and tries to set the RLIMIT_NOFILE max to | it. This has the advantage the value chosen as limit is less arbitrary and also | improves the behavior of systemd in containers that have an rlimit set: When | systemd currently starts in a container that has RLIMIT_NOFILE set to e.g. | 100000 systemd will lower it to 65536. With this patch systemd will try to set | the nofile limit to the allowed kernel maximum. If this fails, it will compute | the minimum of the current set value (the limit that is set on the container) | and the maximum value as soft limit and the currently set maximum value as the | maximum value. This way it retains the limit set on the container. `---- My tests (rebuild systemd/232-25 with this patch applied, install into an otherwise clean VM running stretch, systemctl reexec-daemon, systemctl restart $SERVICE, inspect /proc/$PID/limits) show that this patch solves the problem for me. Please consider including the patch and updating systemd for a stretch point release. Thank you. Cheers, -Hilko
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 233-10 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 03 Jul 2017 18:51:58 +0200 Source: systemd Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb Architecture: source Version: 233-10 Distribution: unstable Urgency: medium Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org> Changed-By: Michael Biebl <bi...@debian.org> Description: libnss-myhostname - nss module providing fallback resolution for the current hostname libnss-mymachines - nss module to resolve hostnames for local container instances libnss-resolve - nss module to resolve names via systemd-resolved libnss-systemd - nss module providing dynamic user and group name resolution libpam-systemd - system and service manager - PAM module libsystemd-dev - systemd utility library - development files libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) systemd - system and service manager systemd-container - systemd container/nspawn tools systemd-coredump - tools for storing and retrieving coredumps systemd-journal-remote - tools for sending and receiving remote journal logs systemd-sysv - system and service manager - SysV links systemd-tests - tests for systemd udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Closes: 824532 865449 866147 866579 Changes: systemd (233-10) unstable; urgency=medium . [ Martin Pitt ] * Adjust var-lib-machines.mount target. Upstream PR #6095 changed the location to {remote-fs,machines}.target.wants, so just install all available ones. . [ Dimitri John Ledkov ] * Fix out-of-bounds write in systemd-resolved. CVE-2017-9445 (Closes: #866147, LP: #1695546) . [ Michael Biebl ] * Be truly quiet in systemctl -q is-enabled (Closes: #866579) * Improve RLIMIT_NOFILE handling. Use /proc/sys/fs/nr_open to find the current limit of open files compiled into the kernel instead of using a hard-coded value of 65536 for RLIMIT_NOFILE. (Closes: #865449) . [ Nicolas Braud-Santoni ] * debian/extra/rules: Use updated U2F ruleset. This ruleset comes from Yubico's libu2f-host. (Closes: #824532) Checksums-Sha1: 47e7477c541c2ce26c48079534faa487cad9b6bb 4837 systemd_233-10.dsc 06ed2344c440906f97d1cf881f2d2769c950ce6d 145224 systemd_233-10.debian.tar.xz fb2e736470fbfe119c24ee31f0274f824243fe93 8583 systemd_233-10_source.buildinfo Checksums-Sha256: dec2896378686c332fa949f6b492868a356f2e8d44336565029b636cd53df250 4837 systemd_233-10.dsc eab22fe504abbdb21801d112c797dc52bf17ba03ebb542632f8a63e766151de3 145224 systemd_233-10.debian.tar.xz c36a38081697fb3c1a0ab583b1dc45908eb9cfe782ab7377b7f75a3d1e93efc0 8583 systemd_233-10_source.buildinfo Files: e6ca205163d6963e5e092b67654fed07 4837 admin optional systemd_233-10.dsc 5c25f36e756ea104be3e2e76a63dc431 145224 admin optional systemd_233-10.debian.tar.xz 85ed9f21e0bcf66095b27beaa840d52f 8583 admin optional systemd_233-10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAllad2UACgkQauHfDWCP Itxr7A/+MpmOOKaB1JlU5861MqEgIxbNjKgFsiJnO2mZnKBxr6g82yXJDh3mknJW c3rG8DzatelEzjKNbBjxMFvNqIrvLm8k15iaTpuwi+1xtyaEGX1G62sOVOWihCWJ DTj2wyMizzUcfR3m3rCNEkx+SlbK3kAPjK33M6VtdaOjHVmzFfXRc/uYedTwtUrU Ytc6+910gKrUt8ecbbUN3wG2/iQdQQKWTJEcNISciCgXnGXkAJw4gsJPYP4y3fqI m3q9FAnDmySMj9RXABT/GXnXg+/EnsjFmlsslopiMXrSOJbQwR06Jx56N8k+moCv LZQAa+xyS/dGYkb7eNhipQzDn8qukU+R/bxaWFqsDvNmMnUmja11RwzVKtPK15fS Ild4ZtnXlcetGBl4F+21+KL/UZq1lkTFMVgXk17i4qu/yqiNjrG5QOxW361gB2SB grdkiKFOjxdOcztbZU0AWAo+XlV5tIhNBOmhM+zvBWuPRKO6YOsYEmyMRlbdZDUW Z23wbe5lzSf8hFVn5GQQ06+rX5O3X/pUet43iK37X+24AXefZsicfFe+F0/XnAUL 55UFJPiRxkcAXGMqQFiFVSjefCyZ9s11wgmb0GJS3YvclRxu6KaDsKNadOLvT4vx z8524cEiotShienExEgZmAGvz5c/uk9Ax2OZ69SZT3R273Gmslw= =os63 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
