author | Lennart Poettering <lennart@poettering.net> | 2022-03-10 13:22:57 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2022-03-10 18:30:24 +0100 |
commit | 852b62507b22c0a986032a2c9fa9cc464a5b7bd2 (patch) | |
tree | 9c19e343895c408f0c377acfc73fd3c617459f1a /man/systemd-system.conf.xml | |
parent | eadb4f19b3fce11fa341e9497cd518341e3c920b (diff) | |
download | systemd-852b62507b22c0a986032a2c9fa9cc464a5b7bd2.tar.gz |

pid1,nspawn: raise default RLIMIT_MEMLOCK to 8M

This mirrors a similar check in Linux kernel 5.16
(9dcc38e2813e0cd3b195940c98b181ce6ede8f20) that raised the
RLIMIT_MEMLOCK to 8M.

This change does two things: raise the default limit for nspawn
containers (where we try to mimic closely what the kernel does), and
bump it when running on old kernels which still have the lower setting.

Fixes: #16300

See: https://lwn.net/Articles/876288/

Diffstat (limited to 'man/systemd-system.conf.xml')
-rw-r--r-- | man/systemd-system.conf.xml | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 351662b757..400e35c457 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -485,17 +485,19 @@ <para>Most of these settings are unset, which means the resource limits are inherited from the kernel or, if invoked in a container, from the container manager. However, the following have defaults:</para> <itemizedlist> - <listitem><para><varname>DefaultLimitNOFILE=</varname> defaults to <literal>1024:&HIGH_RLIMIT_NOFILE;</literal>. + <listitem><para><varname>DefaultLimitNOFILE=</varname> defaults to 1024:&HIGH_RLIMIT_NOFILE;. </para></listitem> + <listitem><para><varname>DefaultLimitMEMLOCK=</varname> defaults to 8M.</para></listitem> + <listitem><para><varname>DefaultLimitCORE=</varname> does not have a default but it is worth mentioning that <varname>RLIMIT_CORE</varname> is set to <literal>infinity</literal> by PID 1 which is inherited by its children.</para></listitem> - - <listitem><para>Note that the service manager internally increases <varname>RLIMIT_MEMLOCK</varname> for - itself, however the limit is reverted to the original value for child processes forked off.</para></listitem> </itemizedlist> + <para>Note that the service manager internally in PID 1 bumps <varname>RLIMIT_NOFILE</varname> and + <varname>RLIMIT_MEMLOCK</varname> to higher values, however the limit is reverted to the mentioned + defaults for all child processes forked off.</para> </listitem> </varlistentry> |
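
Review bot: The new `DefaultLimitMEMLOCK=` list item says only "defaults to 8M", which does not tell the reader whether 8M is applied unconditionally or only when the inherited limit is lower; the commit message describes the latter for old kernels ("bump it when running on old kernels which still have the lower setting"). Since the surrounding paragraph says unset limits are inherited from the kernel or the container manager, please state in that item what happens when the inherited `RLIMIT_MEMLOCK` is already above 8M, and whether the value applies to both the soft and the hard limit, so that administrators who size locked-memory limits can predict the result. Two smaller points: the hunk drops `<literal>` from `1024:&HIGH_RLIMIT_NOFILE;` and adds `8M` without it, while `infinity` in the following item keeps the markup, so wrap both values for consistency; and in the closing `<para>`, "the limit is reverted" should be plural ("the limits are reverted") now that two limits are named.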