
Re: Which package is responsible for setting rlimits?



Simon Richter <sjr@debian.org> writes:

> The way I see it, we want a pam_systemd module that is responsible for
> applying *all* settings configured in systemd units, and that is kept in
> sync with the unit file parser, and the pam_limits module to handle the
> non-systemd setups.

My understanding is that if you're running systemd, systemd does all of
this, so there's nothing for the PAM module to do.  So I think this
proposal reduces to arguing that pam_limits should be disabled on systemd
systems.

I think there's some merit of simplicity in going that direction on
individual systemd systems (I personally like keeping all of a daemon's
configuration in one place), but there's a huge transition problem in
trying to do this at the Debian level.  A lot of people likely have limits
configured using the pam_limits mechanism and would need to move those
limits into unit files (and in some cases replace init scripts with unit
files so that they can do so).  That's not a transition that we can easily
help with, either.

pam_limits also does some things that are unrelated to starting services,
such as setting up limits for interactive user sessions, and I think pure
systemd systems still rely on that?  So I'm not sure this is as simple as
just disabling the module or having it do nothing if systemd is init.

I see five packages in Debian that ship files in /etc/security/limits.d,
which presumably would require changes in your proposed approach to add
the same settings to their relevant unit files:

corekeeper: /etc/security/limits.d/corekeeper.conf
libvma: /etc/security/limits.d/30-libvma-limits.conf
lizardfs-common: /etc/security/limits.d/10-lizardfs.conf
stenographer-common: /etc/security/limits.d/stenographer.conf
uhd-host: /etc/security/limits.d/uhd.conf

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
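
An added illustration, not part of the original message or of any Debian package: a sketch of what moving entries from the /etc/security/limits.d format into unit-file `Limit*=` directives involves, and which entries have no direct equivalent and need manual review. The domain `exampled` and the sample entries are constructed, and treating a limits.conf domain as the account a single service runs under is an assumption.

```python
# Added example; the sample below is constructed, not taken from any Debian package.
# limits.conf item -> (systemd directive, suffix). limits.conf counts core and
# memlock in KB; systemd counts bytes and accepts a base-1024 "K" suffix.
ITEM_MAP = {
    "core": ("LimitCORE", "K"),
    "memlock": ("LimitMEMLOCK", "K"),
    "nofile": ("LimitNOFILE", ""),
    "nproc": ("LimitNPROC", ""),
}
UNLIMITED = {"unlimited", "infinity", "-1"}

SAMPLE = """\
# constructed sample in /etc/security/limits.d format
exampled  soft  nofile   4096
exampled  hard  nofile   65536
exampled  -     memlock  unlimited
exampled  soft  core     0        # soft only: pam_limits leaves hard untouched
*         hard  nproc    2048     # wildcard domain: no single unit to attach to
@audio    -     rtprio   95       # item not covered by ITEM_MAP
"""

def parse_limits(text):
    """Yield (domain, type, item, value) for each well-formed entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            yield tuple(fields)

def convert(text):
    """Return ({domain: [directives]}, [entries needing manual review])."""
    seen, review = {}, []
    for domain, typ, item, value in parse_limits(text):
        mappable = (item in ITEM_MAP and typ in ("soft", "hard", "-")
                    and domain[0] not in "*@%"  # wildcard and group domains
                    and not (item == "nofile" and value in UNLIMITED))
        if not mappable:
            review.append((domain, typ, item, value))
            continue
        val = "infinity" if value in UNLIMITED else value + ITEM_MAP[item][1]
        slot = seen.setdefault((domain, item), {})
        slot.update({t: val for t in (("soft", "hard") if typ == "-" else (typ,))})
    units = {}
    for (domain, item), slot in seen.items():
        if len(slot) < 2:  # systemd's single-value form would set both limits
            t, v = next(iter(slot.items()))
            review.append((domain, t, item, v))
            continue
        soft, hard = slot["soft"], slot["hard"]
        rhs = soft if soft == hard else f"{soft}:{hard}"
        units.setdefault(domain, []).append(f"{ITEM_MAP[item][0]}={rhs}")
    return units, review
```
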

