How do I set process memory ulimits system wide on OpenBSD?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

How do I set process memory ulimits system wide on OpenBSD?

Douglas Held
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.

I find I can't allocate more than 1GB to any process as root.  ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.

Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.

# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit

Other operating systems have a configuration such as
/etc/security/limits.conf.  What is the equivalent in OpenBSD?


--
Douglas Held
[hidden email]
+447986527654

Reply | Threaded
Open this post in threaded view
|

Re: How do I set process memory ulimits system wide on OpenBSD?

Tobias Ulmer
On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote:
> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
>
> I find I can't allocate more than 1GB to any process as root.  ksh
> ulimit builtin provides me this when I try to set the hard limit
> unlimited.

1GB is the hard limit in the kernel (for i386). There are a number of
factors that play into this, the limitations of i386 with W^X, address
space randomisation, space for mmap, etc. Basically the price you pay
for OpenBSDs "invisible" security features.

There are some recent patches on tech@ that raise the limit a bit, iirc.

>
> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
> root and then su my application user, the specified limit is
> unattainable.
>
> # ulimit -d
> 1048576
> # ulimit -Hd unlimited
> # ulimit -d unlimited
> # ulimit -d
> 1048576
> # su - xyz
> $ ulimit -d
> 524288
> $ ulimit -d 1024575
> ksh: ulimit: exceeds allowable limit
>
> Other operating systems have a configuration such as
> /etc/security/limits.conf.  What is the equivalent in OpenBSD?
>
>
> --
> Douglas Held
> [hidden email]
> +447986527654

Reply | Threaded
Open this post in threaded view
|

Re: How do I set process memory ulimits system wide on OpenBSD?

Douglas Held
OK. 1GB hard limit, I can work with that.

What about the reduced limit for my non root user?  For now I'll
simply carry out my processing as root, but this can hardly be
considered best practices.

Doug

On Sat, Jan 1, 2011 at 3:23 PM, Tobias Ulmer <[hidden email]> wrote:

> On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote:
>> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
>>
>> I find I can't allocate more than 1GB to any process as root.  ksh
>> ulimit builtin provides me this when I try to set the hard limit
>> unlimited.
>
> 1GB is the hard limit in the kernel (for i386). There are a number of
> factors that play into this, the limitations of i386 with W^X, address
> space randomisation, space for mmap, etc. Basically the price you pay
> for OpenBSDs "invisible" security features.
>
> There are some recent patches on tech@ that raise the limit a bit, iirc.
>
>>
>> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
>> root and then su my application user, the specified limit is
>> unattainable.
>>
>> # ulimit -d
>> 1048576
>> # ulimit -Hd unlimited
>> # ulimit -d unlimited
>> # ulimit -d
>> 1048576
>> # su - xyz
>> $ ulimit -d
>> 524288
>> $ ulimit -d 1024575
>> ksh: ulimit: exceeds allowable limit
>>
>> Other operating systems have a configuration such as
>> /etc/security/limits.conf.  What is the equivalent in OpenBSD?
>>
>>
>> --
>> Douglas Held
>> [hidden email]
>> +447986527654
>>
>



--
Douglas Held
[hidden email]
+447986527654

Reply | Threaded
Open this post in threaded view
|

Re: How do I set process memory ulimits system wide on OpenBSD?

Ingo Schwarze
In reply to this post by Douglas Held
Hi Douglas,

Douglas Held wrote on Sat, Jan 01, 2011 at 02:54:48PM +0000:

> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
>
> I find I can't allocate more than 1GB to any process as root.  ksh
> ulimit builtin provides me this when I try to set the hard limit
> unlimited.
>
> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
> root and then su my application user, the specified limit is
> unattainable.
>
> # ulimit -d
> 1048576
> # ulimit -Hd unlimited
> # ulimit -d unlimited
> # ulimit -d
> 1048576
> # su - xyz
> $ ulimit -d
> 524288
> $ ulimit -d 1024575
> ksh: ulimit: exceeds allowable limit
>
> Other operating systems have a configuration such as
> /etc/security/limits.conf.  What is the equivalent in OpenBSD?

Have a look at login.conf(5).

Of course, that will only work as far up as supported by your
architecture.

Yours,
  Ingo

Reply | Threaded
Open this post in threaded view
|

Re: How do I set process memory ulimits system wide on OpenBSD?

Tobias Ulmer
In reply to this post by Douglas Held
On Sat, Jan 01, 2011 at 03:53:09PM +0000, Douglas Held wrote:
> OK. 1GB hard limit, I can work with that.
>
> What about the reduced limit for my non root user?  For now I'll
> simply carry out my processing as root, but this can hardly be
> considered best practices.

Put the user in the "staff" class (login.conf(5), passwd(5)). The user
can then raise its limits.

>
> Doug
>
> On Sat, Jan 1, 2011 at 3:23 PM, Tobias Ulmer <[hidden email]> wrote:
> > On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote:
> >> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
> >>
> >> I find I can't allocate more than 1GB to any process as root.  ksh
> >> ulimit builtin provides me this when I try to set the hard limit
> >> unlimited.
> >
> > 1GB is the hard limit in the kernel (for i386). There are a number of
> > factors that play into this, the limitations of i386 with W^X, address
> > space randomisation, space for mmap, etc. Basically the price you pay
> > for OpenBSDs "invisible" security features.
> >
> > There are some recent patches on tech@ that raise the limit a bit, iirc.
> >
> >>
> >> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
> >> root and then su my application user, the specified limit is
> >> unattainable.
> >>
> >> # ulimit -d
> >> 1048576
> >> # ulimit -Hd unlimited
> >> # ulimit -d unlimited
> >> # ulimit -d
> >> 1048576
> >> # su - xyz
> >> $ ulimit -d
> >> 524288
> >> $ ulimit -d 1024575
> >> ksh: ulimit: exceeds allowable limit
> >>
> >> Other operating systems have a configuration such as
> >> /etc/security/limits.conf.  What is the equivalent in OpenBSD?
> >>
> >>
> >> --
> >> Douglas Held
> >> [hidden email]
> >> +447986527654
> >>
> >
>
>
>
> --
> Douglas Held
> [hidden email]
> +447986527654