Commit 084e84e3 authored by Michael Biebl's avatar Michael Biebl

Don't bump fs.nr_open in PID 1

In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd, will have
RLIMIT_NOFILE be set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limit,
work around this problem by not bumping fs.nr_open in PID 1.

Closes: #917167
parent 1bdc896a
......@@ -70,6 +70,7 @@ CONFFLAGS = \
-Dsystem-gid-max=999 \
-Dnobody-user=nobody \
-Dnobody-group=nogroup \
-Dbump-proc-sys-fs-nr-open=false \
# resolved's DNSSEC support is still not mature enough, don't enable it by
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment