author: Lennart Poettering <lennart@poettering.net> 2019-04-05 15:38:16 +0200
committer: Lennart Poettering <lennart@poettering.net> 2019-04-09 11:22:52 +0200
commit: 45497f4d3b212307569fc06bdab6a35a3e2dab07
tree: fa9acd0070fadc1af3d4c7e4095d369f863a0285
parent: 52efbd8f0e1b13ccbe4c623d17171a94d51186d2
sysctl: let's by default increase the numeric PID range from 2^16 to 2^22

This should make PID collisions a tiny bit less likely, and thus improve security and robustness. 2^22 isn't particularly a lot either, but it's the current kernel limitation.

Bumping this limit was suggested by Linus himself:

https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/

Let's experiment with this in systemd upstream first. Downstreams and users can after all still comment this easily.

Besides compat concern the most often heard issue with such high PIDs is usability, since they are potentially hard to type. I am not entirely sure though whether 4194304 (as largest new PID) is that much worse to type or to copy than 65563.

This should also simplify management of per system tasks limits as by this move the sysctl /proc/sys/kernel/threads-max becomes the primary knob to control how many processes to have in parallel.

-rw-r--r-- TODO 2
-rw-r--r-- sysctl.d/50-default.conf 4
2 files changed, 4 insertions, 2 deletions

diff --git a/TODO b/TODO
index 663e4fedd8..87c4355355 100644
--- a/TODO
+++ b/TODO
@@ -904,8 +904,6 @@ Features:
* support crash reporting operation modes (https://live.gnome.org/GnomeOS/Design/Whiteboards/ProblemReporting)
-* default to actual 32-bit PIDs, via /proc/sys/kernel/pid_max
-
* be able to specify a forced restart of service A where service B depends on, in case B
needs to be auto-respawned?
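
Review bot: the removed TODO entry asked for "actual 32-bit PIDs", but the value this commit ships in sysctl.d/50-default.conf is 2^22, which the commit message describes as the current kernel limitation. Dropping the entry is reasonable, but consider saying in the commit message that the item is being closed at the kernel's present maximum rather than at 32 bits, so nobody later reads the removal as meaning the original goal was reached.
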
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index 27084f6242..ace2302589 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -40,3 +40,7 @@ fs.protected_symlinks = 1
# Enable regular file and FIFO protection
fs.protected_regular = 1
fs.protected_fifos = 1
+
+# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
+# of 2^16), to make PID collisions less likely.
+kernel.pid_max = 4194304
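
Review bot: the comment above `kernel.pid_max = 4194304` documents only the collision rationale, while the commit message also raises compat concerns and says downstreams and users can comment the setting out. Since this changes a system-wide default for every installation that takes the file, the in-file comment should say that the line can be commented out or overridden where software assumes small PIDs, and that /proc/sys/kernel/threads-max becomes the primary knob for limiting the number of parallel processes, as the commit message states. Otherwise that context lives only in the git history, where an administrator reading the shipped file will not see it.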