|
Bugzilla – Full Text Bug Listing |
| Summary: | RN: limit number of processes | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Karl Eichwalder <ke> |
| Component: | Release Notes | Assignee: | Karl Eichwalder <ke> |
| Status: | RESOLVED INVALID | QA Contact: | Stephan Kulow <coolo> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | bwiedemann, forgotten_tjopTQsrBC, jmatejka |
| Version: | 201412* | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 949491 | ||
|
Comment 1
Karl Eichwalder
2015-01-08 10:20:10 UTC
I hit this issue with 232 processes and 510 threads if I read the htop output right.
got
File "/usr/lib64/python2.7/threading.py", line 745, in start
_start_new_thread(self.__bootstrap, ())
error: can't start new thread
in my application. After closing 3 chromium tabs it worked as expected.
Problem here is that one size does not fit all.
https://build.opensuse.org/request/show/280569 pam further increases limits Number of Processes Limited to 1200 To harden against fork-bombs the number of processes are now limited to 1200. Normally, no more than 400 processes are running on a standard desktop. The limit can be raised by non-root users up to the hard limit using ulimit -u 1700 If you must run more processes at the same time, adjust the values in /etc/security/limits.conf as needed. (In reply to Bernhard Wiedemann from comment #3) > Normally, no more than 400 processes are running on a standard desktop. What is a standard desktop? why do we need a hard limit at all? I don't see any use for that. (In reply to Stephan Kulow from comment #5) > why do we need a hard limit at all? I don't see any use for that. Without the hard limit, malicious non-root users or software could just disable the soft limit before forking thousands of processes. (In reply to Jan Matejka from comment #4) > (In reply to Bernhard Wiedemann from comment #3) > > Normally, no more than 400 processes are running on a standard desktop. > > What is a standard desktop? What I saw running: KDE4 and icewm with various open applications (firefox, chromium, pidgin, xterms, ssh, rdesktop) Please, don't set the low limit!!! This will create major problems for users. I use google-chrome and usually have many (over 40) tabs open (that's the way I like to use it, Ok). After installing tumbleweed I started getting random tab crashes, and occasional bash shell error - not able to start a process. Chrome logs showed that it couldn't fork a process. Luckily I've been using linux for a while and I figured out quickly where to look. Removing thread limit fixed everything. Even 1200 processes are to few for power users (especially using google-chrome). This is especially bad, because diagnostic is non-existent - you hit the process limit and you start getting random errors. Please, reconsider this change - you are trying to prevent a theoretical atack mode by creating strange errors for common users. Is this feature available on Leap? Shall I add it to the Leap release notes? If yes, I'd use Bernhards proposal: Number of Processes Limited to 1200 To harden against fork-bombs the number of processes are now limited to 1200. Normally, no more than 400 processes are running on a standard desktop. The limit can be raised by non-root users up to the hard limit using ulimit -u 1700 If you must run more processes at the same time, adjust the values in /etc/security/limits.conf as needed. actually no. the pam is of SLE12 origin (In reply to Stephan Kulow from comment #9) > actually no. the pam is of SLE12 origin ok. please reopen if there are news. |