[Bug 182960] Re: Please set memory limits by default

Steve Langasek steve.langasek at canonical.com
Sun Jun 12 19:53:12 UTC 2011 

Note that as of oneiric, pam_limits directly probes the kernel for
default limits to set (by reading /proc/1/limits), and it is our stated
policy that pam_limits should not impose any policy by default other
than the one given by the kernel itself.  As such, though a feature to
allow specifying memory limits as a percentage in limits.conf may be
useful:

 - this should be submitted upstream first rather than being applied as a patch in Ubuntu
 - the default limits.conf shipped in Ubuntu will not use this feature, even if present.

If your aim is to get limits applied by default, please submit a patch
to the kernel instead.  The kernel already sets several default limits
based on available system resources, so there's no problem in principle
with doing the same thing for memory limits (though the exact limit
chosen will have to be justified to upstream).

** Package changed: pam (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/182960

Title:
  Please set memory limits by default

Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  Accidental actions by a single user or program that tries to consume
  all available memory can cause the system to start swapping and
  becoming completely unusable. I just did this by accident and had to
  hard reset.

  Please set a default limit on the amount of memory available to a
  single process. I think a default of some proportion of total system
  memory would be sensible - say 75%. Except in special circumstances,
  exceeding this sort of amount would cause the system to be unusable,
  so it shouldn't impact the average user. Advanced users or those with
  special requirements would be able to increase or remove the limit.

  I'd make it a hard limit for security reasons so that multiple users
  are protected from each other, but I would be happy if it was decided
  to use a soft limit instead.

  See bug 14505 for a discussion of this issue. I think it could be
  resolved in the same way?

  It's never been clear to me which combination of "data seg size", "max
  memory size", "stack size" and "virtual memory" should be used. I have
  always used just "virtual memory" and this has caught runaway
  processes for me every time. Any opinions? I've never found any more
  detailed documentation on the available limits apart from this.

  I will happily write or modify an existing PAM module if this is how
  you'd like it implemented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/182960/+subscriptions

More information about the foundations-bugs mailing list