Your message dated Sun, 16 Jul 2017 12:17:08 +0000
with message-id <[email protected]>
and subject line Bug#865449: fixed in systemd 232-25+deb9u1
has caused the Debian Bug report #865449,
regarding src:systemd: LimitNOFILE does not work as advertised
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
865449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865449
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: systemd
Version: 232-25
Severity: important
Tags: patch stretch fixed-upstream

Dear Maintainers,

I recently tried to tune the RLIMIT_NOFILE value for a service requiring
more than the default 4096 open file descriptors by adding
/etc/systemd/system/$SERVICE.d/override.conf files:

,----
| [Service]
| LimitNOFILE=300000
`----

After restarting the service, I checked /proc/$PID/limits of the
processes belonging to the service and found that, indeed, the "Max open
files" line had been changed from the previous values 1024/4096 (soft
limit/hard limit). However, the limits had only been raised to
65536/65536.

I found that a similar-looking problem has been reported in Ubuntu as
<https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1686361> and
that a patch for this has been accepted upstream:

,----
| commit 25ad0e0c1119411b10c314771824569d895a7df4
| Author: Christian Brauner <[email protected]>
| Date:   Wed Apr 26 06:18:10 2017 +0200
| 
|     main: improve RLIMIT_NOFILE handling (#5795)
| 
|     This has systemd look at /proc/sys/fs/nr_open to find the current maximum of
|     open files compiled into the kernel and tries to set the RLIMIT_NOFILE max to
|     it. This has the advantage the value chosen as limit is less arbitrary and also
|     improves the behavior of systemd in containers that have an rlimit set: When
|     systemd currently starts in a container that has RLIMIT_NOFILE set to e.g.
|     100000 systemd will lower it to 65536. With this patch systemd will try to set
|     the nofile limit to the allowed kernel maximum. If this fails, it will compute
|     the minimum of the current set value (the limit that is set on the container)
|     and the maximum value as soft limit and the currently set maximum value as the
|     maximum value. This way it retains the limit set on the container.
`----

My tests (rebuild systemd/232-25 with this patch applied, install into
an otherwise clean VM running stretch, systemctl reexec-daemon,
systemctl restart $SERVICE, inspect /proc/$PID/limits) show that this
patch solves the problem for me.

Please consider including the patch and updating systemd for a stretch
point release. Thank you.

Cheers,
-Hilko

--- End Message ---
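
Added example (not part of the original mails and not systemd's own source): a C program that follows the fallback described in the quoted commit message, trying the kernel maximum from /proc/sys/fs/nr_open first and keeping the inherited hard limit if that is refused. The names read_nr_open, closest_allowed, bump_nofile and NR_OPEN_FALLBACK are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Assumption: value used only when /proc/sys/fs/nr_open cannot be read. */
#define NR_OPEN_FALLBACK 1048576UL

/* Kernel ceiling for per-process open files, read from /proc/sys/fs/nr_open. */
static rlim_t read_nr_open(void) {
    unsigned long v = 0;
    FILE *f = fopen("/proc/sys/fs/nr_open", "r");
    if (f) {
        if (fscanf(f, "%lu", &v) != 1)
            v = 0;
        fclose(f);
    }
    return v ? (rlim_t)v : (rlim_t)NR_OPEN_FALLBACK;
}

/* Limit to request after raising to `want` was refused: clamp to the hard limit in force. */
static struct rlimit closest_allowed(rlim_t want, struct rlimit cur) {
    struct rlimit r;
    r.rlim_cur = want < cur.rlim_max ? want : cur.rlim_max;
    r.rlim_max = cur.rlim_max; /* never lowers the inherited ceiling */
    return r;
}

/* Try the kernel maximum; on EPERM fall back. Returns 0 on success, -1 with errno set. */
static int bump_nofile(void) {
    struct rlimit cur, want;
    want.rlim_cur = want.rlim_max = read_nr_open();
    if (setrlimit(RLIMIT_NOFILE, &want) == 0)
        return 0;
    if (errno != EPERM || getrlimit(RLIMIT_NOFILE, &cur) < 0)
        return -1;
    want = closest_allowed(want.rlim_cur, cur);
    return setrlimit(RLIMIT_NOFILE, &want);
}

int main(void) {
    struct rlimit now;
    if (bump_nofile() < 0 || getrlimit(RLIMIT_NOFILE, &now) < 0) {
        perror("RLIMIT_NOFILE");
        return 1;
    }
    printf("soft=%llu hard=%llu\n",
           (unsigned long long)now.rlim_cur, (unsigned long long)now.rlim_max);
    return 0;
}
```

Run unprivileged, the program ends with the soft limit raised to the inherited hard limit; run with CAP_SYS_RESOURCE, both limits become the nr_open value.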
--- Begin Message ---
Source: systemd
Source-Version: 232-25+deb9u1

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Jul 2017 22:31:25 +0200
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote
 systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines
 libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1
 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 232-25+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian systemd Maintainers <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 824532 865449 866147 866579
Changes:
 systemd (232-25+deb9u1) stretch; urgency=medium
 .
   [ Dimitri John Ledkov ]
   * Fix out-of-bounds write in systemd-resolved.
     CVE-2017-9445 (Closes: #866147, LP: #1695546)
 .
   [ Michael Biebl ]
   * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
   * Improve RLIMIT_NOFILE handling.
     Use /proc/sys/fs/nr_open to find the current limit of open files
     compiled into the kernel instead of using a hard-coded value of 65536
     for RLIMIT_NOFILE. (Closes: #865449)
 .
   [ Nicolas Braud-Santoni ]
   * debian/extra/rules: Use updated U2F ruleset.
     This ruleset comes from Yubico's libu2f-host. (Closes: #824532)


--- End Message ---
