Red Hat Bugzilla – Bug 1203731
avahi-daemon won't start due to rlimit-nproc being too low
Last modified: 2016-01-31 21:23:25 EST
Description of problem:
Mar 19 15:36:30 grampi avahi-daemon: chroot.c: fork() failed: Resource temporarily unavailable
Mar 19 15:36:30 grampi avahi-daemon: failed to start chroot() helper daemon.
Adjusting rlimit-nproc=2 to higher number in /etc/avahi/avahi-daemon.conf
fixes this issue.
Version-Release number of selected component (if applicable):
To reproduce start LXC container and try running avahi-daemon along with avahi-daemon running on host.
If there are avahi-daemons running in LXC then it even prevents starting of avahi-daemon on host.
I don't think there is anything which can be done about this in avahi. In struct_user in kernel there is a field,
atomic_t processes; /* How many processes does this user have? */
Setting rlimit_nproc will set this field to two. Since avahi service by default spawns two processes then once you start it in container which *does not* use user namespace then you are screwed because you exhausted your limit which is per user. Then you can't start avahi on the host nor in any other container you might have.
To prevent this unfortunate behavior you can of course use user_ns. However once you go this road note that you are entering another realm of pain with current user_ns implementation.
I'd say you'll be better off setting rlimit-nproc to higher number.