|
 |
c2dfb7 |
From b9be2c6b48227642ba85c5a741f121cc99655904 Mon Sep 17 00:00:00 2001
|
|
|
c2dfb7 |
From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= <msekleta@redhat.com>
|
|
|
c2dfb7 |
Date: Mon, 6 Jan 2020 12:30:58 +0100
|
|
|
c2dfb7 |
Subject: [PATCH] sysctl: let's by default increase the numeric PID range from
|
|
|
c2dfb7 |
2^16 to 2^22
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
This should PID collisions a tiny bit less likely, and thus improve
|
|
|
c2dfb7 |
security and robustness.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
2^22 isn't particularly a lot either, but it's the current kernel
|
|
|
c2dfb7 |
limitation.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
Bumping this limit was suggested by Linus himself:
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
Let's experiment with this in systemd upstream first. Downstreams and
|
|
|
c2dfb7 |
users can after all still comment this easily.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
Besides compat concern the most often heard issue with such high PIDs is
|
|
|
c2dfb7 |
usability, since they are potentially hard to type. I am not entirely sure though
|
|
|
c2dfb7 |
whether 4194304 (as largest new PID) is that much worse to type or to
|
|
|
c2dfb7 |
copy than 65563.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
This should also simplify management of per system tasks limits as by
|
|
|
c2dfb7 |
this move the sysctl /proc/sys/kernel/threads-max becomes the primary
|
|
|
c2dfb7 |
knob to control how many processes to have in parallel.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
Resolves: #1744214
|
|
|
c2dfb7 |
---
|
|
|
c2dfb7 |
sysctl.d/50-pid-max.conf | 17 +++++++++++++++++
|
|
|
c2dfb7 |
sysctl.d/meson.build | 1 +
|
|
|
c2dfb7 |
2 files changed, 18 insertions(+)
|
|
|
c2dfb7 |
create mode 100644 sysctl.d/50-pid-max.conf
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
diff --git a/sysctl.d/50-pid-max.conf b/sysctl.d/50-pid-max.conf
|
|
|
c2dfb7 |
new file mode 100644
|
|
|
c2dfb7 |
index 0000000000..3a8393d185
|
|
|
c2dfb7 |
--- /dev/null
|
|
|
c2dfb7 |
+++ b/sysctl.d/50-pid-max.conf
|
|
|
c2dfb7 |
@@ -0,0 +1,17 @@
|
|
|
c2dfb7 |
+# This file is part of systemd.
|
|
|
c2dfb7 |
+#
|
|
|
c2dfb7 |
+# systemd is free software; you can redistribute it and/or modify it
|
|
|
c2dfb7 |
+# under the terms of the GNU Lesser General Public License as published by
|
|
|
c2dfb7 |
+# the Free Software Foundation; either version 2.1 of the License, or
|
|
|
c2dfb7 |
+# (at your option) any later version.
|
|
|
c2dfb7 |
+
|
|
|
c2dfb7 |
+# See sysctl.d(5) and core(5) for documentation.
|
|
|
c2dfb7 |
+
|
|
|
c2dfb7 |
+# To override settings in this file, create a local file in /etc
|
|
|
c2dfb7 |
+# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
|
|
|
c2dfb7 |
+# there.
|
|
|
c2dfb7 |
+
|
|
|
c2dfb7 |
+# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
|
|
|
c2dfb7 |
+# of 2^16), to make PID collisions less likely.
|
|
|
c2dfb7 |
+kernel.pid_max = 4194304
|
|
|
c2dfb7 |
+
|
|
|
c2dfb7 |
diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build
|
|
|
c2dfb7 |
index 64f6ce942e..a95957ad7d 100644
|
|
|
c2dfb7 |
--- a/sysctl.d/meson.build
|
|
|
c2dfb7 |
+++ b/sysctl.d/meson.build
|
|
|
c2dfb7 |
@@ -2,6 +2,7 @@
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
install_data(
|
|
|
c2dfb7 |
'50-default.conf',
|
|
|
c2dfb7 |
+ '50-pid-max.conf',
|
|
|
c2dfb7 |
install_dir : sysctldir)
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
in_files = []
|