launchd sets kern.maxfiles/kern.maxproc based on rlimit_max

Originator: wiml
Number: rdar://11124361
Date Originated: 26-Mar-2012 04:09 PM
Status: Open
Resolved:
Product:
Product Version: 10.7
Classification: Regression
Reproducible: Always
 
26-Mar-2012 04:09 PM W Lewis:
Summary:

If rlimit values for RLIMIT_NOFILE or RLIMIT_NPROC are specified in /etc/launchd.conf, then launchd will overwrite kern.maxfiles or kern.maxproc (respectively) with the rlimit hard limits, and maxfilesperproc/maxprocperuid with the corresponding soft limits. Neither of these makes sense and both make it difficult to administer an OSX system.

For the rest of this bug report I'll just talk about the file-descriptor limits, but the process limits have the same problem. See adjust_rlimits() in launchd_unix_ipc.c for details.

Steps to Reproduce:

Place a command like "limit maxfiles 512 1024" in /etc/launchd.conf, and optionally "kern.maxfiles=16384" in /etc/sysctl.conf. Restart the system.

Expected Results:

The "limit maxfiles" will set the systemwide default per-process rlimit inherited from pid 1 and overridden by any child process that has the privileges to do so, and the "kern.maxfiles" will set the whole-system limit.

Actual Results:

The per-process rlimit overrides the whole-system limit, meaning that you can't set the limit for an individual process to be lower than the total limit for the entire system.

Notes:

There are four values being manipulated here:

RLIMIT_NOFILE rlim_cur   : soft (adjustable) max number of fds in a given proc; settable per-proc
RLIMIT_NOFILE rlim_max   : hard (not adjustable) max number of fds in a given proc; settable per-proc
kern.maxfilesperproc     : system-wide hard limit of fds in a single proc
kern.maxfiles            : system-wide hard limit of total fds among all procs

launchd forces kern.maxfiles to be equal to the NOFILES hard limit, and kern.maxfilesperproc to be equal to the soft limit. Both of these are nonsensical:

1. Setting kern.maxfiles to be the same as RLIMIT_NOFILE.rlim_max means that it is possible for any single process to exhaust the entire system's supply of fds. kern.maxfiles limits the number of fds open in the system; RLIMIT_NOFILE limits the number of fds open in a process; they're different things.
2. Setting kern.maxfilesperproc (the system-wide hard limit) equal to RLIMIT_NOFILE.rlim_cur (the per-process soft limit) means that the soft limit is no longer soft (increasing it will not allow the process to open more files) and also no longer per-process (since kern.maxfilesperproc applies to all processes in the system).

Regression:

This behavior appears to have been introduced in 10.7. In 10.6, launchd behaves in a more reasonable manner, and allows the systemwide and per-process limits to be different.
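
An added example, not part of the original report or of launchd: a shell check that compares the four values listed under Notes and flags the coupling the report describes. The function names are hypothetical, and the live check assumes the shell's own RLIMIT_NOFILE is still the one inherited from pid 1.

```shell
#!/bin/sh
# classify_fd_limits SOFT HARD PERPROC MAXFILES
#   SOFT/HARD : RLIMIT_NOFILE rlim_cur / rlim_max (a number or "unlimited")
#   PERPROC   : kern.maxfilesperproc
#   MAXFILES  : kern.maxfiles
# Prints one finding per line. Returns 1 if either system-wide value simply
# mirrors the per-process rlimit, 0 if the limits are independent.
classify_fd_limits() {
    cfl_soft=$1 cfl_hard=$2 cfl_perproc=$3 cfl_maxfiles=$4
    cfl_rc=0
    # ulimit prints "unlimited" for RLIM_INFINITY; that never equals a sysctl value.
    if [ "$cfl_hard" != unlimited ] && [ "$cfl_hard" -eq "$cfl_maxfiles" ]; then
        echo "kern.maxfiles ($cfl_maxfiles) equals the RLIMIT_NOFILE hard limit: a single process may hold every fd in the system"
        cfl_rc=1
    fi
    if [ "$cfl_soft" != unlimited ] && [ "$cfl_soft" -eq "$cfl_perproc" ]; then
        echo "kern.maxfilesperproc ($cfl_perproc) equals the RLIMIT_NOFILE soft limit: raising the soft limit gains nothing"
        cfl_rc=1
    fi
    if [ "$cfl_rc" -eq 0 ]; then
        echo "system-wide and per-process fd limits are set independently"
    fi
    return "$cfl_rc"
}

# Read the four values from the running system and classify them.
check_live_fd_limits() {
    classify_fd_limits "$(ulimit -Sn)" "$(ulimit -Hn)" \
        "$(sysctl -n kern.maxfilesperproc)" "$(sysctl -n kern.maxfiles)"
}

# Only run the live check where these sysctl names exist.
if sysctl -n kern.maxfiles >/dev/null 2>&1; then
    check_live_fd_limits || true
fi
```

With the values from the steps to reproduce ("limit maxfiles 512 1024"), `classify_fd_limits 512 1024 512 1024` reports both findings.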
