diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-07-15 08:28:53 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-15 08:28:53 +0900 |
| commit | 08894b568f03fc06bb961c6c731be0c877ff7786 (patch) | |
| tree | 115f9c0f72e9e2e9717a5e6d51e4523b115c8b30 | |
| parent | 73897d4f3c21a787ac9bff50553717e5d1291ded (diff) | |
| parent | 5ea8fa1db3a6c2e6b9e4e0183de268519d74a89f (diff) | |
| download | systemd-08894b568f03fc06bb961c6c731be0c877ff7786.tar.gz | |
Merge pull request #24021 from poettering/man-rlimit-comments
man: elaborate on the usefulness (and not-so-usefulness) of various process resource limits
| -rw-r--r-- | TODO | 2 | ||||
| -rw-r--r-- | man/systemd.exec.xml | 36 |
2 files changed, 27 insertions, 11 deletions
@@ -202,8 +202,6 @@ Features: * ask dracut to generate usr= on the kernel cmdline so that we don't need to read /etc/fstab from the root fs from the initrd and do daemon-reload -* document that process resource limits are bullshit - * add PR_SET_DUMPABLE service setting * homed/userdb: maybe define a "companion" dir for home directories where apps diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 7e062313dc..3d7ec1e202 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -819,13 +819,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> <listitem><para>Set soft and hard limits on various resources for executed processes. See <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for - details on the resource limit concept. Resource limits may be specified in two formats: either as - single value to set a specific soft and hard limit to the same value, or as colon-separated pair - <option>soft:hard</option> to set both limits individually (e.g. <literal>LimitAS=4G:16G</literal>). - Use the string <option>infinity</option> to configure no limit on a specific resource. The - multiplicative suffixes K, M, G, T, P and E (to the base 1024) may be used for resource limits - measured in bytes (e.g. <literal>LimitAS=16G</literal>). For the limits referring to time values, the - usual time units ms, s, min, h and so on may be used (see + details on the process resource limit concept. Process resource limits may be specified in two formats: + either as single value to set a specific soft and hard limit to the same value, or as colon-separated + pair <option>soft:hard</option> to set both limits individually + (e.g. <literal>LimitAS=4G:16G</literal>). Use the string <option>infinity</option> to configure no + limit on a specific resource. The multiplicative suffixes K, M, G, T, P and E (to the base 1024) may + be used for resource limits measured in bytes (e.g. <literal>LimitAS=16G</literal>). For the limits + referring to time values, the usual time units ms, s, min, h and so on may be used (see <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details). Note that if no time unit is specified for <varname>LimitCPU=</varname> the default unit of seconds is implied, while for <varname>LimitRTTIME=</varname> the default unit of microseconds is @@ -875,15 +875,17 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> <table> <title>Resource limit directives, their equivalent <command>ulimit</command> shell commands and the unit used</title> - <tgroup cols='3'> + <tgroup cols='4'> <colspec colname='directive' /> <colspec colname='equivalent' /> <colspec colname='unit' /> + <colspec colname='notes' /> <thead> <row> <entry>Directive</entry> <entry><command>ulimit</command> equivalent</entry> <entry>Unit</entry> + <entry>Notes</entry> </row> </thead> <tbody> @@ -891,81 +893,97 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> <entry>LimitCPU=</entry> <entry>ulimit -t</entry> <entry>Seconds</entry> + <entry>-</entry> </row> <row> <entry>LimitFSIZE=</entry> <entry>ulimit -f</entry> <entry>Bytes</entry> + <entry>-</entry> </row> <row> <entry>LimitDATA=</entry> <entry>ulimit -d</entry> <entry>Bytes</entry> + <entry>Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see <varname>MemoryMax=</varname> in <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> </row> <row> <entry>LimitSTACK=</entry> <entry>ulimit -s</entry> <entry>Bytes</entry> + <entry>-</entry> </row> <row> <entry>LimitCORE=</entry> <entry>ulimit -c</entry> <entry>Bytes</entry> + <entry>-</entry> </row> <row> <entry>LimitRSS=</entry> <entry>ulimit -m</entry> <entry>Bytes</entry> + <entry>Don't use. No effect on Linux.</entry> </row> <row> <entry>LimitNOFILE=</entry> <entry>ulimit -n</entry> <entry>Number of File Descriptors</entry> + <entry>Don't use. Be careful when raising the soft limit above 1024, since <function>select()</function> cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <function>select()</function>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry> </row> <row> <entry>LimitAS=</entry> <entry>ulimit -v</entry> <entry>Bytes</entry> + <entry>Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see <varname>MemoryMax=</varname> in <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> </row> <row> <entry>LimitNPROC=</entry> <entry>ulimit -u</entry> <entry>Number of Processes</entry> + <entry>This limit is enforced based on the number of processes belonging to the user. Typically it's better to track processes per service, i.e. use <varname>TasksMax=</varname>, see <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> </row> <row> <entry>LimitMEMLOCK=</entry> <entry>ulimit -l</entry> <entry>Bytes</entry> + <entry>-</entry> </row> <row> <entry>LimitLOCKS=</entry> <entry>ulimit -x</entry> <entry>Number of Locks</entry> + <entry>-</entry> </row> <row> <entry>LimitSIGPENDING=</entry> <entry>ulimit -i</entry> <entry>Number of Queued Signals</entry> + <entry>-</entry> </row> <row> <entry>LimitMSGQUEUE=</entry> <entry>ulimit -q</entry> <entry>Bytes</entry> + <entry>-</entry> </row> <row> <entry>LimitNICE=</entry> <entry>ulimit -e</entry> <entry>Nice Level</entry> + <entry>-</entry> </row> <row> <entry>LimitRTPRIO=</entry> <entry>ulimit -r</entry> <entry>Realtime Priority</entry> + <entry>-</entry> </row> <row> <entry>LimitRTTIME=</entry> - <entry>No equivalent</entry> + <entry>ulimit -R</entry> <entry>Microseconds</entry> + <entry>-</entry> </row> </tbody> </tgroup> |