Bug 133675

Summary: max rss is not enforced
Product: [Fedora] Fedora Reporter: Phil Anderson <pza>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 2CC: t8m
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-07 12:10:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Phil Anderson 2004-09-26 03:01:52 UTC 
The rss item in in pam_limits is not enforced.  I'm guessing that this
bug isn't really a pam_limits bug, as ulimit -m doesn't work either.

If this isn't supported, then it should be (at minimum):
-> Removed from the default limits.conf
-> ulimit -m disabled in bash/etc
-> A note added to the pam_limits documentation
Comment 1 Tomas Mraz 2004-10-04 11:57:00 UTC 
ulimit -m works fine here. 
However I haven't tested setting it via the limits.conf yet.
Comment 2 Phil Anderson 2004-10-04 13:27:28 UTC 
Tomas,
Maybe my understanding of what ulimit -m does is wrong.

My understanding is that if I start any app in an environment of
ulimit -m 1024, it should only be allowed to use up 1Mb of resident
memory?

i.e. run ulimit -m 1024, then start some memory hungry app.  top will
show that it has a RSS of more than 1Mb.

Or am I on the wrong track here?
Comment 3 Tomas Mraz 2004-10-05 06:19:34 UTC 
Ah, you are right, the limit is there but it isn't enforced by the kernel.
See:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&selm=2pU4q-6n6-27%40gated-at.bofh.it

for the patch which enforces it.

However we won't remove the functionality from pam and ulimit. But
maybe it should be mentioned in some doc that the limit isn't enforced.