Commit 084e84e3 authored by Michael Biebl

Don't bump fs.nr_open in PID 1

In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd will have
RLIMIT_NOFILE set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limits,
work around this problem by not bumping fs.nr_open in PID 1.

Closes: #917167
parent 1bdc896a
+1 −0
@@ -70,6 +70,7 @@ CONFFLAGS = \
	-Dsystem-gid-max=999 \
	-Dnobody-user=nobody \
	-Dnobody-group=nogroup \
	-Dbump-proc-sys-fs-nr-open=false \
	-Ddev-kvm-mode=0660

# resolved's DNSSEC support is still not mature enough, don't enable it by
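Review bot: The new `-Dbump-proc-sys-fs-nr-open=false` entry in CONFFLAGS carries no in-file explanation, while the resolved DNSSEC option just below it is introduced by a comment giving the reason. Since the commit message describes this as a workaround for pam_limits' "set_all" default rather than a permanent choice, the reason and the bug reference (#917167) should live next to the flag so it can be revisited if that default changes. A comment cannot sit inside the backslash-continued list, so consider moving the option into its own commented assignment after the main block.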