Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 328673

Summary: Soft limits default to lowest potentially-applicable hard limit
Product: Gentoo Linux Reporter: Luke-Jr <luke-jr+gentoobugs>
Component: [OLD] baselayoutAssignee: PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled>
Status: VERIFIED INVALID    
Severity: minor CC: jer
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Luke-Jr 2010-07-16 22:19:18 UTC
If I have a global hard limit of 256 processes per user login, but an exception for my own user allowing 1024, my login starts with the correct default of 1024 hard-limit, but a 256 soft-limit. I did not have this problem prior to my baselayout2/openrc update, so I suspect they may be related. I don't know if this is by design or a bug. Please close if invalid.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-19 16:52:02 UTC
where did you store the runtime configuration for that user's exception?
Comment 2 Luke-Jr 2010-07-19 17:28:52 UTC
luke-jr@tsuruki ~ $ cat /etc/security/limits.d/default.conf 
*       hard    nproc   256

luke-jr@tsuruki ~ $ cat /etc/security/limits.d/luke-jr.conf 
luke-jr hard    nproc   1024
luke-jr soft    nproc   1024
luke-jr hard    nice    -5
luke-jr soft    nice    -5
--
If I remove the 'luke-jr soft'* lines, I get a soft limit of 256
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-19 19:31:59 UTC
I have that directory but it is empty, so maybe pam stopped parsing that recently. In my case it was last touched quite a while back:

drwxr-xr-x 2 root root 4096 Oct 19  2007 /etc/security/limits.d

Maybe try setting everything up in /etc/security/limits.conf instead?
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-19 21:39:29 UTC
I should ask again for NOTABUG:


           hard
               for enforcing hard resource limits. These limits are set by the
               superuser and enforced by the Kernel. The user cannot raise his
               requirement of system resources above such values.

           soft
               for enforcing soft resource limits. These limits are ones that
               the user can move up or down within the permitted range by any
               pre-existing hard limits. The values specified with this token
               can be thought of as default values, for normal system usage.

           -
               for enforcing both soft and hard resource limits together.

               Note, if you specify a type of ´-´ but neglect to supply the
               item and value fields then the module will never enforce any
               limits on the specified user/group etc. .
Comment 5 Luke-Jr 2010-07-19 23:37:21 UTC
Rephrased... the rules in limits.d are being parsed and applied correctly. The problem is with the default given to the soft limit when there is not one specifically set. The soft limit *used to* default to the (final) hard limit. Now it defaults to the lowest hard limit ever matching (in my case, the rule matching all users with a hard limit of 256). To summarize:
1. Given the limit ruleset:
    *       hard    nproc   256
    luke-jr hard    nproc   1024
2. Under baselayout 1, the soft limit for user 'luke-jr' would default to 1024 (the assigned hard limit for the user).
3. Under baselayout 2, the soft limit for user 'luke-jr' is now 256 (the lower hard limit given to all users)

flameeyes, why do you feel this is not a bug? Your cited documentation does not talk about default values at all.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-19 23:42:46 UTC
Care to read? Setting the hard limit ALONE won't change the soft limit.
You either use - or you use both soft and hard, it's so by design, and baselayout has nothing to do with it.
Comment 7 Luke-Jr 2010-07-19 23:56:37 UTC
I'm not expecting it to change the soft limit. The soft limit is at no time set to 256. This issue is dealing with *defaults*.
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-20 00:04:22 UTC
It sounds a sane default to set, if you don't ask anything else, you can't expect the thing to be telepathic.

Just stop wasting my time and set the limit with - if that's what you want!
Comment 9 Luke-Jr 2010-07-20 01:00:44 UTC
Whatever, it should at least be documented as a change from prior behaviour.