From: Daan De Meyer Date: Fri, 25 Aug 2023 11:55:36 +0000 (+0200) Subject: Limit rlim_max in rlimit_nofile_safe() to nr_open X-Git-Tag: v255-rc1~641^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F28968%2Fhead;p=thirdparty%2Fsystemd.git Limit rlim_max in rlimit_nofile_safe() to nr_open We might inherit a max rlim value that's larger than the kernel's maximum (nr_open). This will cause setrlimit() to fail as the given maximum is larger than the kernel's maximum. To get around this, let's limit the max rlim we pass to rlimit() to the value of nr_open. Should fix #28965 --- diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c index 91424cd3cce..a0ffb24626f 100644 --- a/src/basic/rlimit-util.c +++ b/src/basic/rlimit-util.c @@ -401,7 +401,11 @@ int rlimit_nofile_safe(void) { if (rl.rlim_cur <= FD_SETSIZE) return 0; - rl.rlim_cur = FD_SETSIZE; + /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in + * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To + * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */ + rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open()); + rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max); if (setrlimit(RLIMIT_NOFILE, &rl) < 0) return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
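Review bot: The log_debug_errno() call in the trailing context still says "Failed to lower RLIMIT_NOFILE's soft limit to" and prints only rl.rlim_cur, but with the added rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open()) line the same setrlimit() call can now lower the hard limit as well. Suggest rewording the message to cover both limits and printing rl.rlim_max next to rl.rlim_cur, so that a failure here shows which values were actually passed. A smaller point on the new comment: the clamp sits below the early return for rl.rlim_cur <= FD_SETSIZE, so an inherited hard limit above nr_open is left untouched on that path. That is harmless here because no setrlimit() is issued there, but the comment reads as if the hard limit is always capped, and one clause saying it is only capped when the soft limit is lowered would make it accurate.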