[Bug 1837580] Re: memlock is not set
please reopen if this is still an issue ** Changed in: systemd (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
try this : modif : /etc/systemd/user.conf /etc/systemd/system.conf with : DefaultlimitNOFILE=65535 DefaultlimitMEMLOCK=500 modif : /etc/security/limits.conf with : mkasberg hard nofile 65535 mkasberg soft nofile 65535 @sudo hard memlock 500 @sudo soft memlock 500 reboot ulimit -l you will see : 500 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
This is currently an issue in 19.10's systemd (version 242). By default,
unless services are configured to set LimitMEMLOCK, they will have 64k
as their memlock limit (though oddly, systemd bumped its own memlock
limit higher than previous versions have used). The only processes not
affected are those that increase their own memlock rlimits at runtime,
such as `systemd --user`.
```
# for pid in $(ps --ppid 1 | awk 'NR!=1 {print $1}'); do echo -n "${pid}: ";
cat "/proc/${pid}/limits" | grep locked ; done
400: Max locked memory 6553665536bytes
480: Max locked memory 6553665536bytes
514: Max locked memory 6553665536bytes
559: Max locked memory 6553665536bytes
561: Max locked memory 6553665536bytes
596: Max locked memory 6553665536bytes
657: Max locked memory 6553665536bytes
658: Max locked memory 6553665536bytes
659: Max locked memory 6553665536bytes
661: Max locked memory 6553665536bytes
662: Max locked memory 6553665536bytes
665: Max locked memory 6553665536bytes
681: Max locked memory 6553665536bytes
685: Max locked memory 6553665536bytes
688: Max locked memory 6553665536bytes
704: Max locked memory 6553665536bytes
710: Max locked memory 6553665536bytes
711: Max locked memory 6553665536bytes
732: Max locked memory 6553665536bytes
939: Max locked memory 6553665536bytes
6673: Max locked memory 67108864 67108864 bytes
7310: Max locked memory 6553665536bytes
# ps aux | grep 6673
root 6673 0.0 0.8 18132 8348 ?Ss 00:07 0:00
/lib/systemd/systemd --user
root 10442 0.0 0.0 8020 864 pts/2S+ 03:32 0:00 grep
--color=auto 6673
```
This includes sshd, but the forked (still `sshd`) children of sshd
appear to have their memlock limit increased. This results in direct
shell operations under sshd having realistic limits. However, processes
"kicked off" by an ssh shell session, but not actually originally
parented under them, will have the austere 64k memlock limit. This is
the case with docker (the ubuntu docker.io package) containers, as
containerd's systemd configuration
(/lib/systemd/system/containerd.service) does not set LimitMEMLOCK. And
it should not have to.
Per this thread
(https://twitter.com/ChaosDatumz/status/1198075570921394177), this is
causing problems for eBPF related functionality running under docker due
to the fact that the memlock limit is used to track eBPF maps and is
tracked on the user, which is an issue because root in a non-user
namespaced container is technically root on the outside, so on top of
this paltry memlock limit, existing host processes running as root are
counting towards the container's memlock limit. This likely has
cascading effects for anything eBPF-related that isn't being started by
a user's shell, but the user-based memlock accounting behavior will
likely cause other issues for anything running in a container that
performs such checks given that on a typical system, root host processes
may well already have more than 64k in locked kernel memory allocated. I
don't think the solution for this is just to special case containerd (or
docker.io) with a configuration, but to fix this at its heart, systemd.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837580
Title:
memlock is not set
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: systemd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
** Changed in: systemd (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
Actually, its just systemd 240. Looks fixed in 241 and newer. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
Systemd 240 and newer introduced a clamp to RLIMIT_MEMLOCK in c8884aceefc85245b9bdfb626e2daf27521259bd. See https://github.com/systemd/systemd/issues/13331. ** Bug watch added: github.com/systemd/systemd/issues #13331 https://github.com/systemd/systemd/issues/13331 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
The same happens to me, same distro, some infos are different (namely the kernel, 4.18.0-18-generic, since 5.0.0... frozes my machine - another issue to be investigated), but I don't think these differences are relevant. I've set DefaultLimitMEMLOCK=infinity in /etc/systemd/system.conf and also /etc/systemd/user.conf (also tried to put a file in newly created /etc/systemd/user.conf.d) /etc/security/limits.d/audio.conf has @audio - rtprio 95 @audio - memlockunlimited As root I can ulimit -l to unlimited. As normal user (in the group audio of course) I can't go with more than 65536. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
I can REDUCE the memlock limit in /etc/systemd/system.conf, or by creating /etc/systemd/system.conf.d/ and a file in that, but cannot increase it beyond 65536kB. For instance: [Manager] DefaultLimitMEMLOCK=100M does nothing, and neither does specifying "infinity". -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
Thanks! Is something other than systemd setting the real-time priority? Because if I move audio.conf, rtprio is no longer set: $ulimit -l -r max locked memory (kbytes, -l) 65536 real-time priority (-r) 0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
"https://bugzilla.redhat.com/show_bug.cgi?id=1364332 tl;dr it’s expected behavior since /etc/security/limits.* is not used by systemd, and further the behavior of pam_limits with group-based limits can’t be reproduced in systemd." https://bugs.debian.org/919528#10 ** Bug watch added: Red Hat Bugzilla #1364332 https://bugzilla.redhat.com/show_bug.cgi?id=1364332 ** Bug watch added: Debian Bug tracker #919528 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919528 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1837580] Re: memlock is not set
systemd user fighting PAM for limits is from my POV certainly a systemd bug. ** Package changed: pam (Ubuntu) => systemd (Ubuntu) ** Also affects: systemd (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919528 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837580 Title: memlock is not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1837580/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
