#20879: Set rlimits in the containers.
----------------------------------------------+-------------------------
     Reporter:  yawning                       |          Owner:  yawning
         Type:  enhancement                   |         Status:  new
     Priority:  Medium                        |      Milestone:
    Component:  Applications/Tor Browser      |        Version:
                Sandbox                       |
     Severity:  Normal                        |     Resolution:
     Keywords:                                |  Actual Points:
    Parent ID:                                |         Points:
     Reviewer:                                |        Sponsor:
----------------------------------------------+-------------------------

Comment (by cypherpunks):

 It doesn't look like Firefox is locking any memory, so `RLIMIT_MEMLOCK`
 can be safely set to 0.

 {{{
 $ pidof -s firefox
 9688
 $ prlimit -p 9688 -l
 RESOURCE DESCRIPTION                         SOFT  HARD UNITS
 MEMLOCK  max locked-in-memory address space 65536 65536 bytes
 $ grep -E 'Vm(Size|Lck)' /proc/9688/status
 VmSize:  1069636 kB
 VmLck:         0 kB
 }}}

 Regarding the `RLIMIT_STACK`, 8 MiB is probably overkill. It's safe, but
 very high.

 {{{
 $ prlimit -p 9688 -s
 RESOURCE DESCRIPTION       SOFT    HARD UNITS
 STACK    max stack size 8388608 8388608 bytes
 $ grep -E 'Vm(Size|Stk)' /proc/9688/status
 VmSize:  1069640 kB
 VmStk:       132 kB
 }}}

 Be careful with reducing `RLIMIT_NOFILE` too low. Much lower than 512
 might be risky.

 {{{
 $ prlimit -p 9688 -n
 RESOURCE DESCRIPTION              SOFT HARD UNITS
 NOFILE   max number of open files 4096 4096
 $ ls /proc/9688/fd | sort -n | tail -n 1
 71
 $ ls /proc/9688/fd | sort -n | wc -l
 52
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20879#comment:2>
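
The measurements in the comment above, turned into a repeatable check. This is an added example, not part of the ticket or the sandbox's code: it reads `/proc/PID/limits` (the kernel's view of what `prlimit` prints) and tests candidate limits against measured usage. All function names are hypothetical and the sample data is constructed from the values quoted in the comment.

```shell
#!/bin/sh
# Added example, not from the ticket; all function names are hypothetical.
# DIR is a procfs directory such as /proc/9688, or a constructed copy of one.

# Soft limit from a row of DIR/limits, e.g. "Max open files".
soft_limit() {
    awk -v name="$2" 'index($0, name) == 1 {
        split(substr($0, length(name) + 1), f, " "); print f[1]; exit }' "$1/limits"
}
# Value in kB of a DIR/status field such as VmLck or VmStk.
status_kb() { awk -v key="$2:" '$1 == key { print $2; exit }' "$1/status"; }
# Highest open descriptor number; RLIMIT_NOFILE has to be greater than this.
highest_fd() { ls "$1/fd" | sort -n | tail -n 1; }

# Print each soft limit next to the usage measured in this snapshot.
headroom() {
    echo "MEMLOCK limit=$(soft_limit "$1" 'Max locked memory') used=$(( $(status_kb "$1" VmLck) * 1024 ))"
    echo "STACK limit=$(soft_limit "$1" 'Max stack size') used=$(( $(status_kb "$1" VmStk) * 1024 ))"
    echo "NOFILE limit=$(soft_limit "$1" 'Max open files') highest_fd=$(highest_fd "$1")"
}

# Succeed only if the measured usage fits the candidate limits.
# Usage: fits DIR MEMLOCK_BYTES STACK_BYTES NOFILE
# A snapshot is a lower bound on peak usage, so keep margin above it.
fits() {
    [ $(( $(status_kb "$1" VmLck) * 1024 )) -le "$2" ] &&
    [ $(( $(status_kb "$1" VmStk) * 1024 )) -le "$3" ] &&
    [ "$(highest_fd "$1")" -lt "$4" ]
}

# Constructed sample mirroring the values quoted in the comment.
make_sample() {
    mkdir -p "$1/fd"
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max stack size            8388608              8388608              bytes' \
        'Max open files            4096                 4096                 files' \
        'Max locked memory         65536                65536                bytes' > "$1/limits"
    printf 'VmSize:\t 1069636 kB\nVmLck:\t       0 kB\nVmStk:\t     132 kB\n' > "$1/status"
    n=0; while [ "$n" -le 50 ]; do : > "$1/fd/$n"; n=$((n + 1)); done
    : > "$1/fd/71"   # 52 entries in total, highest is 71
}

sample=$(mktemp -d)
make_sample "$sample"
headroom "$sample"
fits "$sample" 0 8388608 512 && echo "MEMLOCK=0 STACK=8MiB NOFILE=512: fits"
fits "$sample" 0 8388608 64 || echo "NOFILE=64: too low for this snapshot"
rm -rf "$sample"
```

Point the functions at a live `/proc/PID` directory to check a running process; reading another user's `fd` directory requires matching privileges.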