group.of.nepali.translators team mailing list archive

[Bug 1686361] Re: systemd does not respect nofile ulimit when running in container

 

This bug was fixed in the package systemd - 233-6ubuntu1

---------------
systemd (233-6ubuntu1) artful; urgency=medium

  Merge from Debian, existing changes:
  * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x.
    New udev generates stable interface names on s390x kvm instances, however, upon
    upgrades existing ethX names should be preserved to prevent breaking networking
    and software configurations.
    This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437)
  * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd.
  * networkd: cherry-pick support for setting bridge port's priority.
    This is a useful feature/bugfix to improve feature parity of networkd with
    ifupdown. This matches netplan's expectations to be able to set bridge port's
    priorities via networkd. This feature is to be used by netplan/MAAS/OpenStack.

  New changes:
  * Cherrypick upstream commit to enable system use kernel maximum limit for
    RLIMIT_NOFILE instead of hard-coded (low) limit of 65536.  (LP: #1686361)
  * debian/tests/root-unittests: disable execute and seccomp tests on arm
    test-seccomp and test-execute fail on arm64 kernels. Marking both tests as
    expected failures. An upstream bug report is filed to resolve these.
    (LP: #1672499)

systemd (233-6) experimental; urgency=medium

  [ Felipe Sateler ]
  * Backport upstream PR #5531.
    This delays opening the mdns and llmnr sockets until a network has enabled
    them. This silences annoying messages when networkd receives such packets
    without expecting them: Got mDNS UDP packet on unknown scope.

  [ Martin Pitt ]
  * resolved: Disable DNSSEC by default on stretch and zesty.
    Both Debian stretch and Ubuntu zesty are close to releasing, switch to
    DNSSEC=off by default for those. Users can still turn it back on with
    DNSSEC=allow-downgrade (or even "yes").

  [ Michael Biebl ]
  * Add Conflicts against hal.
    Since v183, udev no longer supports RUN+="socket:". This feature is
    still used by hal, but now generates vast amounts of errors in the
    journal. Thus force the removal of hal by adding a Conflicts to the udev
    package. This is safe, as hal is long dead and no longer useful.
  * Drop systemd-ui Suggests
    systemd-ui is unmaintained upstream and not particularly useful anymore.
  * journal: fix up syslog facility when forwarding native messages.
    Native journal messages (_TRANSPORT=journal) typically don't have a
    syslog facility attached to it. As a result when forwarding the
    messages to syslog they ended up with facility 0 (LOG_KERN).
    Apply syslog_fixup_facility() so we use LOG_USER instead.
    (Closes: #837893)
  * Split upstream tests into systemd-tests binary package (Closes: #859152)
  * Get PACKAGE_VERSION from config.h.
    This also works with meson and is not autotools specific.

  [ Sjoerd Simons ]
  * init-functions Only call daemon-reload when planning to redirect
    systemctl daemon-reload is quite a heavy operation, it will re-parse
    all configuration and re-run all generators. This should only be done
    when strictly needed. (Closes: #861158)

 -- Dimitri John Ledkov <xnox@xxxxxxxxxx>  Tue, 02 May 2017 11:23:19 +0100

** Changed in: systemd (Ubuntu Artful)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1686361

Title:
  systemd does not respect nofile ulimit when running in container

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  New
Status in systemd source package in Yakkety:
  New
Status in systemd source package in Zesty:
  New
Status in systemd source package in Artful:
  Fix Released

Bug description:
  When systemd currently starts in a container that has RLIMIT_NOFILE set to e.g.
  100000 systemd will lower it to 65536 since this value is hard-coded into systemd.
  I've pushed a patch to systemd upstream that will try to set
  the nofile limit to the allowed kernel maximum. If this fails, it will compute
  the minimum of the current set value (the limit that is set on the container)
  and the maximum value as soft limit and the currently set maximum value as the
  maximum value. This way it retains the limit set on the container.
  It would be great if we could backport this patch to have system adhere to
  nofile limits set for the container. This is especially important since user
  namespaces will allow you to lower the limit but not raise it back up afterwards.
  The upstream patch is appended.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1686361/+subscriptions
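
The RLIMIT_NOFILE handling described in the bug description above, sketched in C as an added example; it is not the upstream systemd patch. The function names are hypothetical, and reading the kernel maximum from /proc/sys/fs/nr_open is an assumption of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

#define OLD_HARDCODED_NOFILE 65536 /* the value the report says was hard-coded */

/* Fallback from the bug description: soft = min(current hard limit, kernel
 * maximum), hard = current hard limit, so the container's limit is kept. */
struct rlimit nofile_fallback(struct rlimit cur, rlim_t kernel_max) {
    struct rlimit out;
    out.rlim_cur = cur.rlim_max < kernel_max ? cur.rlim_max : kernel_max;
    out.rlim_max = cur.rlim_max;
    return out;
}

/* Assumption: the kernel maximum is fs.nr_open. Returns 0 if unreadable. */
rlim_t read_nr_open(void) {
    unsigned long long v = 0;
    FILE *f = fopen("/proc/sys/fs/nr_open", "r");
    if (!f) return 0;
    if (fscanf(f, "%llu", &v) != 1) v = 0;
    fclose(f);
    return (rlim_t)v;
}

/* Try the kernel maximum first; on EPERM (for example inside a user
 * namespace) fall back without lowering the hard limit. 0 or -errno. */
int raise_nofile(void) {
    struct rlimit cur, want;
    rlim_t max = read_nr_open();
    if (getrlimit(RLIMIT_NOFILE, &cur) < 0) return -errno;
    if (max == 0) max = cur.rlim_max; /* no /proc: keep the current ceiling */
    want.rlim_cur = want.rlim_max = max;
    if (setrlimit(RLIMIT_NOFILE, &want) == 0) return 0;
    if (errno != EPERM) return -errno;
    want = nofile_fallback(cur, max);
    return setrlimit(RLIMIT_NOFILE, &want) < 0 ? -errno : 0;
}

int main(void) {
    struct rlimit after;
    int r = raise_nofile();
    if (getrlimit(RLIMIT_NOFILE, &after) < 0) return 1;
    printf("raise_nofile=%d soft=%llu hard=%llu\n", r,
           (unsigned long long)after.rlim_cur, (unsigned long long)after.rlim_max);
    return r < 0;
}
```

With the container limit of 100000 from the report, the fallback yields soft and hard limits of 100000 rather than 65536.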