Bug 1203731 - avahi-daemon won't start due to rlimit-nproc being too low
avahi-daemon won't start due to rlimit-nproc being too low
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: avahi (Show other bugs)
21
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lennart Poettering
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1227052
  Show dependency treegraph
 
Reported: 2015-03-19 10:48 EDT by Richard Marko
Modified: 2016-01-31 21:23 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1227052 (view as bug list)
Environment:
Last Closed: 2015-03-20 06:48:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard Marko 2015-03-19 10:48:23 EDT
Description of problem:
Mar 19 15:36:30 grampi avahi-daemon[17498]: chroot.c: fork() failed: Resource temporarily unavailable
Mar 19 15:36:30 grampi avahi-daemon[17498]: failed to start chroot() helper daemon.

Adjusting rlimit-nproc=2 to higher number in /etc/avahi/avahi-daemon.conf
fixes this issue.

Version-Release number of selected component (if applicable):
avahi-0.6.31-30.fc21.x86_64

How reproducible:
Always

To reproduce start LXC container and try running avahi-daemon along with avahi-daemon running on host.

If there are avahi-daemons running in LXC then it even prevents starting of avahi-daemon on host.
Comment 1 Michal Sekletar 2015-03-20 06:48:26 EDT
I don't think there is anything which can be done about this in avahi. In struct_user in kernel there is a field,

atomic_t processes;	/* How many processes does this user have? */

Setting rlimit_nproc will set this field to two. Since avahi service by default spawns two processes then once you start it in container which *does not* use user namespace then you are screwed because you exhausted your limit which is per user. Then you can't start avahi on the host nor in any other container you might have.

To prevent this unfortunate behavior you can of course use user_ns. However once you go this road note that you are entering another realm of pain with current user_ns implementation. 

I'd say you'll be better off setting rlimit-nproc to higher number.

Note You need to log in before you can comment on or make changes to this bug.