The default file descriptor limit (ulimit -n 1024) is too low
Kees Cook
kees at ubuntu.com
Fri Nov 5 21:21:20 GMT 2010
On Fri, Nov 05, 2010 at 01:46:23PM -0700, Steve Langasek wrote:
> We should also fix it so pam_limits is able to grab the kernel default
> limits from somewhere, instead of hard-coding these at compile time. I
> think you suggested reading /proc/1/limits for this, though it's less than
> ideal to be parsing this file to get that info.
Well, the text there is unlikely to change, but it would be nice to have a
more stable result. On the other hand, reading from /proc/1/limits means
that per-container PAM would get the "right" limits, based on that
container's init process.
--
Kees Cook
Ubuntu Security Team
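
The parsing discussed in this thread, as an added example that is not part of the original message and is not pam_limits code: a lookup of one row in `/proc/<pid>/limits`-style text. The names `lookup_limit`, `parse_value` and `SAMPLE_LIMITS` are hypothetical, and the sample text is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Constructed sample in the /proc/<pid>/limits layout, not taken from a real host. */
static const char SAMPLE_LIMITS[] =
    "Limit                     Soft Limit           Hard Limit           Units     \n"
    "Max cpu time              unlimited            unlimited            seconds   \n"
    "Max open files            1024                 4096                 files     \n";

/* Parse one value field: "unlimited" or a decimal number. strtoull returns
 * ULLONG_MAX on overflow, so ERANGE is rejected rather than taken as a limit. */
static int parse_value(const char **p, rlim_t *out)
{
    char *end;
    while (**p == ' ') (*p)++;
    if (strncmp(*p, "unlimited", 9) == 0) {
        *out = RLIM_INFINITY;
        end = (char *)*p + 9;
    } else {
        if (**p < '0' || **p > '9') return -1;   /* no sign, no empty field */
        errno = 0;
        *out = (rlim_t)strtoull(*p, &end, 10);
        if (errno == ERANGE) return -1;
    }
    *p = end;
    return 0;
}

/* Limit names contain spaces ("Max open files"), so match the full name at the
 * start of a line. Returns 0 on success, -1 if absent or malformed. */
int lookup_limit(const char *text, const char *name, struct rlimit *rl)
{
    size_t n = strlen(name);
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, name, n) == 0 && line[n] == ' ') {
            const char *p = line + n;
            if (parse_value(&p, &rl->rlim_cur) || *p != ' ') return -1;
            if (parse_value(&p, &rl->rlim_max)) return -1;
            return (*p == ' ' || *p == '\n' || *p == '\0') ? 0 : -1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;   /* caller falls back to its compiled-in default */
}
```

Only a return value of 0 means `*rl` holds a usable pair; on -1 the caller should ignore it and keep whatever default it already had.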