richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago

From b9be2c6b48227642ba85c5a741f121cc99655904 Mon Sep 17 00:00:00 2001
From: Michal Sekletár <msekleta@redhat.com>
Date: Mon, 6 Jan 2020 12:30:58 +0100
Subject: [PATCH] sysctl: let's by default increase the numeric PID range from
 2^16 to 2^22

This should make PID collisions a tiny bit less likely, and thus improve
security and robustness.

2^22 isn't particularly a lot either, but it's the current kernel
limitation.

Bumping this limit was suggested by Linus himself:

https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/

Let's experiment with this in systemd upstream first. Downstreams and
users can after all still comment this easily.

Besides compat concerns the most often heard issue with such high PIDs is
usability, since they are potentially hard to type. I am not entirely sure though
whether 4194304 (as largest new PID) is that much worse to type or to
copy than 65563.

This should also simplify management of per-system tasks limits as by
this move the sysctl /proc/sys/kernel/threads-max becomes the primary
knob to control how many processes to have in parallel.

Resolves: #1744214
---
 sysctl.d/50-pid-max.conf | 17 +++++++++++++++++
 sysctl.d/meson.build     |  1 +
 2 files changed, 18 insertions(+)
 create mode 100644 sysctl.d/50-pid-max.conf

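As an added example, not part of this patch or of systemd itself: the new fragment's header tells administrators to override it from /etc/sysctl.d, and the commit message relies on downstreams being able to turn the setting off. The POSIX shell script below models the precedence rules of sysctl.d(5) (directory priority, same-name masking including a /dev/null symlink, lexical order of basenames, last assignment wins) over a constructed temporary tree, so you can check which value a given set of fragments would actually hand to the kernel without touching the live system or needing root. The directory layout, the 90-override.conf file name and the demo_* helpers are this example's own choices; it only understands plain `key = value` lines.

```shell
#!/bin/sh
# Added example (not part of the systemd patch): resolve the effective value
# of one sysctl key across sysctl.d directories as sysctl.d(5) describes.
# Rules implemented here:
#   1. directories are searched in priority order (arguments, highest first);
#      a file in a higher-priority directory masks same-named files below it
#      (a symlink to /dev/null masks the vendor file entirely);
#   2. the surviving files are applied in lexical order of their basename;
#   3. within that order the last assignment of the key wins.
# Simplifications (assumptions of this example): only "key = value" lines,
# no "/"-spelled keys or "-" prefixes, and paths without whitespace.

resolve_sysctl() {
    key=$1; shift                         # remaining args: dirs, highest priority first
    ekey=$(printf '%s' "$key" | sed 's/\./\\./g')   # literal dots for the sed pattern
    idx=$(mktemp)

    # Pass 1: for every basename keep the copy from the highest-priority directory.
    for d in "$@"; do
        [ -d "$d" ] || continue
        for f in "$d"/*.conf; do
            [ -e "$f" ] || continue       # an unmatched glob stays literal; skip it
            b=${f##*/}
            if ! awk -v b="$b" '$1 == b { found = 1 } END { exit found ? 0 : 1 }' "$idx"; then
                printf '%s %s\n' "$b" "$f" >> "$idx"
            fi
        done
    done

    # Pass 2: apply in basename order; a later assignment overrides an earlier one.
    val=
    for f in $(LC_ALL=C sort "$idx" | awk '{ print $2 }'); do
        [ -f "$f" ] || continue           # a /dev/null symlink masks without setting anything
        v=$(sed -n 's/^[[:space:]]*'"$ekey"'[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    rm -f "$idx"
    printf '%s\n' "$val"
}

# Constructed tree under a temp dir (never the real system): the vendor
# fragment from the patch sits under usr/lib/sysctl.d, /etc starts empty.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    printf 'kernel.pid_max = 4194304\n' > "$root/usr/lib/sysctl.d/50-pid-max.conf"
    printf '%s\n' "$root"
}

# No local change: the vendor value is what the kernel would get.
demo_vendor() {
    root=$(make_tree)
    resolve_sysctl kernel.pid_max "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    rm -rf "$root"
}

# The override the fragment's own comment suggests: a later-sorting file in /etc.
demo_override() {
    root=$(make_tree)
    printf '# local policy\nkernel.pid_max=65536\n' > "$root/etc/sysctl.d/90-override.conf"
    resolve_sysctl kernel.pid_max "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    rm -rf "$root"
}

# Masking: a same-named /dev/null symlink in /etc drops the vendor setting,
# leaving the kernel default untouched.
demo_mask() {
    root=$(make_tree)
    ln -s /dev/null "$root/etc/sysctl.d/50-pid-max.conf"
    resolve_sysctl kernel.pid_max "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    rm -rf "$root"
}

printf 'vendor only  : %s\nwith override: %s\nmasked       : %s\n' \
    "$(demo_vendor)" "$(demo_override)" "$(demo_mask)"
```

Point resolve_sysctl at the real directories (`/etc/sysctl.d /run/sysctl.d /usr/local/lib/sysctl.d /usr/lib/sysctl.d`, in that order) to see what systemd-sysctl would apply on the current host; compare the result with `/proc/sys/kernel/pid_max` to spot a fragment the kernel refused.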
diff --git a/sysctl.d/50-pid-max.conf b/sysctl.d/50-pid-max.conf
new file mode 100644
index 0000000000..3a8393d185
--- /dev/null
+++ b/sysctl.d/50-pid-max.conf
@@ -0,0 +1,17 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for documentation.
+
+# To override settings in this file, create a local file in /etc
+# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
+# there.
+
+# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
+# of 2^16), to make PID collisions less likely.
+kernel.pid_max = 4194304
+
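Review bot: the header comment in this hunk misstates the kernel default: `# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default of 2^16)` should say 2^15, since the kernel's PID_MAX_DEFAULT is 32768, not 65536 (the commit subject carries the same slip, but the comment is what ships to users). Two smaller points in the same file: `# See sysctl.d(5) and core(5) for documentation.` is carried over from the coredump fragment and core(5) says nothing about PIDs, so point at proc(5), which documents /proc/sys/kernel/pid_max, instead; and the file ends with an empty `+` line after `kernel.pid_max = 4194304`, which the other fragments do not have.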
diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build
index 64f6ce942e..a95957ad7d 100644
--- a/sysctl.d/meson.build
+++ b/sysctl.d/meson.build
@@ -2,6 +2,7 @@
 
 install_data(
         '50-default.conf',
+        '50-pid-max.conf',
         install_dir : sysctldir)
 
 in_files = []
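Review bot: `'50-pid-max.conf'` is added to install_data unconditionally, so the fragment also ships on 32-bit builds, where the kernel's PID_MAX_LIMIT equals the default 32768 and a write of 4194304 to kernel.pid_max is rejected with EINVAL, which systemd-sysctl will then log as an error on every boot. Either gate the entry in meson on a 64-bit target (for example on `cc.sizeof('long') == 8`) or state in the fragment that 32-bit users are expected to mask it with a /dev/null symlink in /etc/sysctl.d.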