Bug 347301 - www-servers/apache does not apply system limits
Summary: www-servers/apache does not apply system limits
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High major
Assignee: Apache Team - Bugzilla Reports
URL:
Whiteboard:
Keywords: InVCS
Depends on: 365149
Blocks:
Reported: 2010-11-30 16:18 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2011-10-16 15:31 UTC
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-30 16:18:52 UTC
It might appear to do so if you try with a /etc/init.d/apache2 start, because then it is started by the shell (and thus inherits its limits and audit session) but it doesn't work that way when started from the RC system at boot up.

The reason is simple: it doesn't pass through start-stop-daemon. While s-s-d still has trouble supporting per-user limits, it at least applies general limits from /etc/security/limits.conf if configured with PAM, but ignoring it will cause no further limits to be applied.

Simply change the start command to 

start-stop-daemon --start --pidfile "${PIDFILE}" ${APACHE2} -- ${APACHE2_OPTS} -k start

and it'll work just fine.

Security, feel free to pick this up if you wish to do so.
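
A check for the condition this report describes, as an added example that is not part of the original report or of the Gentoo init script: it compares the wildcard entries of a limits.conf-format file with the limits a process actually holds, read from a /proc/<pid>/limits-format file. The function names and the sample data are constructed for illustration.

```shell
# Added example (not the Gentoo init script): compare the wildcard "*" nofile/nproc
# entries of a limits.conf-format file with a /proc/<pid>/limits-format file.

# proc_limit FILE NAME soft|hard: print one column of the row that starts with NAME
proc_limit() {
    awk -v name="$2" -v col="$3" 'index($0, name) == 1 {
        split(substr($0, length(name) + 1), f, " ")
        print (col == "soft" ? f[1] : f[2]); exit }' "$1"
}

# check_limits LIMITS_CONF PROC_LIMITS: report each entry, return 1 on any mismatch
check_limits() {
    rc=0
    while read -r domain type item value rest; do
        [ "$domain" = "*" ] || continue          # skips comments, blanks, per-user lines
        case "$item" in
            nofile) name="Max open files" ;;
            nproc)  name="Max processes" ;;
            *) continue ;;                       # other items use different units in /proc
        esac
        case "$type" in soft|hard) cols=$type ;; -) cols="soft hard" ;; *) continue ;; esac
        case "$value" in unlimited|infinity|-1) value=unlimited ;; esac
        for col in $cols; do
            actual=$(proc_limit "$2" "$name" "$col")
            if [ "$actual" = "$value" ]; then
                echo "OK       $item $col = $value"
            else
                echo "MISMATCH $item $col: configured $value, process has $actual"
                rc=1
            fi
        done
    done < "$1"
    return "$rc"
}

# Constructed sample: limits.conf raises nofile, but the process kept the defaults.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' '* soft nofile 8192' '* hard nofile 16384' \
        '* - nproc 4096' 'apache hard nofile 65536' > "$d/limits.conf"
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max processes' 4096 4096 processes \
        'Max open files' 1024 4096 files > "$d/proc_limits"
    check_limits "$d/limits.conf" "$d/proc_limits"; status=$?
    rm -rf "$d"
    return "$status"
}
demo || echo "sample process limits differ from the sample limits.conf"
```

On a live host, call check_limits with /etc/security/limits.conf and /proc/<pid>/limits, using the PID of the apache parent process.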
Comment 1 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2011-09-01 20:48:23 UTC
Should be fixed through bug 365149
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-09-06 10:49:48 UTC
Christian, I think the apache init script does not use ssd; the patch to fix this issue is applied at bug 364453. Or what am I missing?
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2011-09-15 10:38:58 UTC
Thank you for the report. Fixed in apache-2.2.21.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2011-09-15 23:58:09 UTC
I have just updated from 2.2.20 to 2.2.21, and couldn't start apache anymore:

l8xsvn ~ # /etc/init.d/apache2 restart
 * Starting apache2 ...
/sbin/start-stop-daemon: need at least one of --exec, --pidfile, --user or --name
Try `/sbin/start-stop-daemon --help' for more information.                                                                             [ !! ]
l8xsvn ~ # 


I suspect that the new s-s-d syntax used in the init script does not work on my machine as I'm still running on baselayout-1 (due to old xen kernel). Supplying the --exec parameter makes it work.

However, this is certainly a regression that shouldn't have happened, even though baselayout-1 isn't supported anymore (is it? at least it's not in the tree anymore). So what would be the correct way to fix this? Use the old s-s-d syntax? Make apache depend on a new baselayout just because of the init script? Both don't really sound good to me.
Comment 5 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2011-09-16 17:18:56 UTC
Right, it's because of baselayout-1.
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2011-10-16 15:31:04 UTC
Tobias, what is the reason to keep baselayout-1? Personally I have no means to test this init script with it and I'd let baselayout-1 die. You can keep the old init script since the init.d directory is config-protected. In any case, please comment in bug 383957. This one is fixed.