I've worked out a trivial patch for start-stop-daemon to enable it
to set per-process ulimits before starting up daemons.
It looks for a file called /etc/limits/name_of_daemon, containing
# This is a comment
core soft 2048
core hard 4096
nofile soft 100
nofile hard 200
nproc soft 50
nproc hard 150
cpu soft 12
cpu hard 15
data soft 120000
data hard 135000
fsize soft 14000
fsize hard 15000
rss soft 10200
rss hard 14500
stack soft 120000
stack hard 130000
memlock soft 15000
memlock hard 17000
as soft 10000000 # this is in bytes
as hard 10000000
If the file does not exist, the daemon is loaded without limits
(as usual), while if it does exist, the specified limits are
enforced. In case the file contains errors, the wrong lines are
skipped, causing a warning to be outputted (unless the --quiet option
has been specified), while the remaining limits are still loaded.
This should mean for the patch to be completely backward
compatible, and completely transparent to the init.d scripts,
debian users and DD.
This patch thus allows to set up ulimits for all daemons on
a debian system in a consistent way, without having to deal with
daemon specific configuration parameters or having to modify the
init script. I consider this particularly important, considering
the problems that may be raised by oom killer, poorly written daemons,
and generally resource exaustion on loaded servers..
And, after all, the user would still be free to use ulimits or
The patch is in a ``works for me status''. I've already opened a
whishlist bug against dpkg (302079), but I'd really like to know
what other think about it and if it works on other systems too.
You can apply the patch by entering the dpkg source dir and
running something like patch -p2 < diff_file. Note that the patch
modifies just the configure.in and the start-stop-daemon.c, so
the directory /etc/limits is not created when installing the
resulting .deb files. You should take care of it manually.
You can cut and paste the configuration file above for a
full example. The patch should even work on kfreebsd systems,
but haven't had the chance to test it. Don't know much about
hurd or other *bsd. For more information about limits, please
look at man setrlimit.
Please carbon copy replies to my email address, since I'm
not subscribed to the list (too high volume) for my internet
GPG Fingerprint: 2383 7B14 4D08 53A4 2C1A CA29 9E98 5431 1A68 6975
"No job too big; no fee too big!"
-- Dr. Peter Venkman, "Ghost-busters"