Discussion:
How do I set process memory ulimits system wide on OpenBSD?
Douglas Held
2011-01-01 14:54:48 UTC
Permalink
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.

I find I can't allocate more than 1GB to any process as root. ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.

Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.

# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit

Other operating systems have a configuration such as
/etc/security/limits.conf. What is the equivalent in OpenBSD?
--
Douglas Held
***@douglasheld.net
+447986527654
Tobias Ulmer
2011-01-01 15:23:13 UTC
Permalink
Post by Douglas Held
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
I find I can't allocate more than 1GB to any process as root. ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.
1GB is the hard limit in the kernel (for i386). There are a number of
factors that play into this, the limitations of i386 with W^X, address
space randomisation, space for mmap, etc. Basically the price you pay
for OpenBSDs "invisible" security features.
Post by Douglas Held
Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.
# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit
Other operating systems have a configuration such as
/etc/security/limits.conf. What is the equivalent in OpenBSD?
--
Douglas Held
+447986527654
Douglas Held
2011-01-01 15:53:09 UTC
Permalink
OK. 1GB hard limit, I can work with that.

What about the reduced limit for my non root user? For now I'll
simply carry out my processing as root, but this can hardly be
considered best practices.

Doug
Post by Tobias Ulmer
Post by Douglas Held
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
I find I can't allocate more than 1GB to any process as root. ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.
1GB is the hard limit in the kernel (for i386). There are a number of
factors that play into this, the limitations of i386 with W^X, address
space randomisation, space for mmap, etc. Basically the price you pay
for OpenBSDs "invisible" security features.
Post by Douglas Held
Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.
# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit
Other operating systems have a configuration such as
/etc/security/limits.conf. What is the equivalent in OpenBSD?
--
Douglas Held
+447986527654
--
Douglas Held
***@douglasheld.net
+447986527654
Tobias Ulmer
2011-01-01 16:30:12 UTC
Permalink
Post by Douglas Held
OK. 1GB hard limit, I can work with that.
What about the reduced limit for my non root user? For now I'll
simply carry out my processing as root, but this can hardly be
considered best practices.
Put the user in the "staff" class (login.conf(5), passwd(5)). The user
can then raise its limits.
Post by Douglas Held
Doug
Post by Tobias Ulmer
Post by Douglas Held
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
I find I can't allocate more than 1GB to any process as root. ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.
1GB is the hard limit in the kernel (for i386). There are a number of
factors that play into this, the limitations of i386 with W^X, address
space randomisation, space for mmap, etc. Basically the price you pay
for OpenBSDs "invisible" security features.
Post by Douglas Held
Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.
# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit
Other operating systems have a configuration such as
/etc/security/limits.conf. What is the equivalent in OpenBSD?
--
Douglas Held
+447986527654
--
Douglas Held
+447986527654
Ingo Schwarze
2011-01-01 16:14:34 UTC
Permalink
Hi Douglas,
Post by Douglas Held
I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
I find I can't allocate more than 1GB to any process as root. ksh
ulimit builtin provides me this when I try to set the hard limit
unlimited.
Even so, when I set the hard and soft limits for, say, 'ulimit -d' as
root and then su my application user, the specified limit is
unattainable.
# ulimit -d
1048576
# ulimit -Hd unlimited
# ulimit -d unlimited
# ulimit -d
1048576
# su - xyz
$ ulimit -d
524288
$ ulimit -d 1024575
ksh: ulimit: exceeds allowable limit
Other operating systems have a configuration such as
/etc/security/limits.conf. What is the equivalent in OpenBSD?
Have a look at login.conf(5).

Of course, that will only work as far up as supported by your
architecture.

Yours,
Ingo
Loading...