Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Setting max open files inside a chroot (http://www.linux-archive.org/debian-user/428271-setting-max-open-files-inside-chroot.html)

09-17-2010 12:50 PM

Setting max open files inside a chroot
 
This question was posted on Serverfault.com[1] by me but I did not get
any responses. Any help appreciated.

I have setup the limits in the host (the chroot being the guest) via
/etc/security/limits.conf and that works just fine:

$ ulimit -n
65535

However, inside the chroot it is still the old value

$ sudo chroot /opt/id/epsilon/
# ulimit -n
1024

I have this in the /etc/security/limits.conf in the chroot too but it
seems to have no effect.

* soft nofile 65535
* hard nofile 65535

pam_limits.so is enabled for login and sudo inside the chroot. Are there
others I should enable it for ?


Footnotes:
[1] http://serverfault.com/questions/182098/setting-max-open-files-inside-a-chroot

--
Alok



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87hbhomt4j.fsf@euclid.localdomain">http://lists.debian.org/87hbhomt4j.fsf@euclid.localdomain

Bob Proulx 09-18-2010 05:01 AM

Setting max open files inside a chroot
 
Alok G. Singh wrote:
> I have setup the limits in the host (the chroot being the guest) via
> /etc/security/limits.conf and that works just fine:
>
> $ ulimit -n
> 65535

It works because you logged in which uses PAM and libpam set the
limits that you configured in the PAM configuration.

> However, inside the chroot it is still the old value
>
> $ sudo chroot /opt/id/epsilon/
> # ulimit -n
> 1024
>
> I have this in the /etc/security/limits.conf in the chroot too but it
> seems to have no effect.

Right. You are setting PAM configuration. But chroot doesn't use PAM
and so it has no effect. Using 'chroot' then PAM is not involved at
all and therefore PAM configuration has no effect.

Since you did not provide a command it invoked your $SHELL inside the
chroot. But inside the chroot you can invoke a command that uses
pam. If you launch 'su' then su will use PAM and set up your PAM
configuration.

$ sudo chroot /opt/id/epsilon su

That invokes su inside the chroot. Since su uses PAM then the PAM
configuration should have effect. But I didn't test it. :-)

Try that.

Bob


All times are GMT. The time now is 10:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.