diff --git a/TODO b/TODO index f208f68e0eb..0a17af239b6 100644 --- a/TODO +++ b/TODO @@ -202,8 +202,6 @@ Features: * ask dracut to generate usr= on the kernel cmdline so that we don't need to read /etc/fstab from the root fs from the initrd and do daemon-reload -* document that process resource limits are bullshit - * add PR_SET_DUMPABLE service setting * homed/userdb: maybe define a "companion" dir for home directories where apps diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 7e062313dc0..3d7ec1e2028 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
@@ -819,13 +819,13 @@ CapabilityBoundingSet=~CAP_B CAP_C Set soft and hard limits on various resources for executed processes. See setrlimit2 for - details on the resource limit concept. Resource limits may be specified in two formats: either as - single value to set a specific soft and hard limit to the same value, or as colon-separated pair - to set both limits individually (e.g. LimitAS=4G:16G). - Use the string to configure no limit on a specific resource. The - multiplicative suffixes K, M, G, T, P and E (to the base 1024) may be used for resource limits - measured in bytes (e.g. LimitAS=16G). For the limits referring to time values, the - usual time units ms, s, min, h and so on may be used (see + details on the process resource limit concept. Process resource limits may be specified in two formats: + either as single value to set a specific soft and hard limit to the same value, or as colon-separated + pair to set both limits individually + (e.g. LimitAS=4G:16G). Use the string to configure no + limit on a specific resource. The multiplicative suffixes K, M, G, T, P and E (to the base 1024) may + be used for resource limits measured in bytes (e.g. LimitAS=16G). For the limits + referring to time values, the usual time units ms, s, min, h and so on may be used (see systemd.time7 for details). Note that if no time unit is specified for LimitCPU= the default unit of seconds is implied, while for LimitRTTIME= the default unit of microseconds is @@ -875,15 +875,17 @@ CapabilityBoundingSet=~CAP_B CAP_C Resource limit directives, their equivalent <command>ulimit</command> shell commands and the unit used - + + Directive ulimit equivalent Unit + Notes 
@@ -891,81 +893,97 @@ CapabilityBoundingSet=~CAP_B CAP_CLimitCPU=ulimit -tSeconds + - LimitFSIZE= ulimit -f Bytes + - LimitDATA= ulimit -d Bytes + Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitSTACK= ulimit -s Bytes + - LimitCORE= ulimit -c Bytes + - LimitRSS= ulimit -m Bytes + Don't use. No effect on Linux. LimitNOFILE= ulimit -n Number of File Descriptors + Don't use. Be careful when raising the soft limit above 1024, since select() cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use select(). Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use MemoryMax= to control overall service memory use, including file descriptor memory. LimitAS= ulimit -v Bytes + Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitNPROC= ulimit -u Number of Processes + This limit is enforced based on the number of processes belonging to the user. Typically it's better to track processes per service, i.e. use TasksMax=, see systemd.resource-control5. LimitMEMLOCK= ulimit -l Bytes + - LimitLOCKS= ulimit -x Number of Locks + - LimitSIGPENDING= ulimit -i Number of Queued Signals + - LimitMSGQUEUE= ulimit -q Bytes + - LimitNICE= ulimit -e Nice Level + - LimitRTPRIO= ulimit -r Realtime Priority + - LimitRTTIME= - No equivalent + ulimit -R Microseconds + -
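Review bot: In the `@@ -819,13` hunk of man/systemd.exec.xml, the rename to "process resource limit" covers only the first two sentences. The same paragraph still says "may be used for resource limits measured in bytes". Use one term throughout the paragraph. Since the lines are being rewrapped anyway, "either as single value" could become "either as a single value".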
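Review bot: In the `@@ -875,15` hunk, the table title is left as "Resource limit directives, their equivalent ulimit shell commands and the unit used" although the header row gains a Notes column. Extend the title so it also names the notes and matches the new header.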
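Review bot: In the `@@ -891,81` hunk, the LimitNOFILE= note opens with "Don't use." but the rest of the note explains when raising the soft limit is fine and argues only against lowering the hard limit, so the opening contradicts the advice that follows. That is unlike the LimitRSS= row, where "Don't use. No effect on Linux." is unambiguous. Suggest opening with what the text actually recommends, for example "Don't lower the hard limit. Be careful when raising the soft limit above 1024, since ...". Separately, the LimitRTTIME= row changes "No equivalent" to "ulimit -R" without saying which shell provides that option. Please state that in the row or in the commit message. The LimitNPROC= note would also be clearer if it said outright that the count includes the user's processes outside the service, since that is the reason TasksMax= is preferred.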