diff options
| author | Michal Sekletár <msekleta@redhat.com> | 2020-01-06 12:30:58 +0100 |
|---|---|---|
| committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2020-02-12 10:12:33 +0100 |
| commit | b9be2c6b48227642ba85c5a741f121cc99655904 (patch) | |
| tree | 182f539de79718938cca9638f2b1515e92f851e5 | |
| parent | 2ec3c78b1d1ba907cd888aac3cdc3a86c03cda90 (diff) | |
| download | systemd-b9be2c6b48227642ba85c5a741f121cc99655904.tar.gz | |
sysctl: let's by default increase the numeric PID range from 2^16 to 2^22
This should PID collisions a tiny bit less likely, and thus improve
security and robustness.
2^22 isn't particularly a lot either, but it's the current kernel
limitation.
Bumping this limit was suggested by Linus himself:
https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/
Let's experiment with this in systemd upstream first. Downstreams and
users can after all still comment this easily.
Besides compat concern the most often heard issue with such high PIDs is
usability, since they are potentially hard to type. I am not entirely sure though
whether 4194304 (as largest new PID) is that much worse to type or to
copy than 65563.
This should also simplify management of per system tasks limits as by
this move the sysctl /proc/sys/kernel/threads-max becomes the primary
knob to control how many processes to have in parallel.
Resolves: #1744214
| -rw-r--r-- | sysctl.d/50-pid-max.conf | 17 | ||||
| -rw-r--r-- | sysctl.d/meson.build | 1 |
2 files changed, 18 insertions, 0 deletions
diff --git a/sysctl.d/50-pid-max.conf b/sysctl.d/50-pid-max.conf new file mode 100644 index 0000000000..3a8393d185 --- /dev/null +++ b/sysctl.d/50-pid-max.conf @@ -0,0 +1,17 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See sysctl.d(5) and core(5) for documentation. + +# To override settings in this file, create a local file in /etc +# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments +# there. + +# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default +# of 2^16), to make PID collisions less likely. +kernel.pid_max = 4194304 + diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build index 64f6ce942e..a95957ad7d 100644 --- a/sysctl.d/meson.build +++ b/sysctl.d/meson.build @@ -2,6 +2,7 @@ install_data( '50-default.conf', + '50-pid-max.conf', install_dir : sysctldir) in_files = [] |