Red Hat Bugzilla – Bug 1308423
/etc/security/limits.conf does not change memlock limit for regular user
Last modified: 2016-02-17 12:36:20 EST
In the past (FC20) we used to change limits.conf file to change the memlock value (ulimit -l). On FC23 that is not the case any more, and user's memlock is capped at 64. The root account seems to be getting limits set correctly based on the limits file.
What other options do I have to control this? Is this feature blocked by some other setting?
I do not think there was ever a memlock entry in limits.conf by default that would apply to all users. It is possible but improbable that some other package is/was dropping a conf file into limits.d that would contain a memlock entry for all users.
On my system I see /etc/security/limits.d/95-jack.conf from the jack-audio-connection-kit-1.9.10-3.fc23.x86_64 package that contains:
@jackuser - memlock 4194304
So that applies only to users from group jackuser.
There is no point in changing the defaults in the limits.conf, it would not apply to services, only to regular user logins.
I used to add a line like this:
* - memlock unlimited
It should be a default 'memlock' for all the users. The comment in the file is clear that this should apply to regular user logins, not services. I do not need to have a config file under limits.d for this to work.
There were no other limits config files under limits.d that contained anything related to memlock. I played with various combinations of settings in limits.d/ files with no success.
There IS a point in changing limits for every user under /etc/security. We use infiniband libraries that require this.
Regardless of the need for this, do you think that this should work? If yes, have you tried it on FC23?
Even though I probably do not need to reboot I still did it a few times.
I just tried it on CentOS 7.2.1511 (I only have older RHEL). Works as expected.
Where is the default memlock of 64 specified?
So we misunderstood each other - I thought you were talking about some package setting the default value not about manually changing the value in /etc/security/limits.conf by the sysadmin.
Yes, what you write in comment #2 should work fine. And indeed on my install of Fedora 23 it works. I tested it with console login and ssh login and for both sessions the limit is set to unlimited if I add the line from your comment in /etc/security/limits.conf.
Could you please test ssh and console login?
Also do you perhaps see some messages from SELinux? Can you try 'ausearch -m AVC -ts today'?
Console login worked. SSH did not. Tracked this down to the following change:
I guess if you don't use PAM you don't get pam_limits plugin.
Sorry for the trouble.
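
The console-versus-SSH difference found above can be checked mechanically. The script below is an added example, not part of the bug report or of any Fedora package; it assumes the SSH daemon is OpenSSH, whose sshd_config option UsePAM decides whether the PAM session stack (and with it pam_limits) runs for SSH logins. The function names and sample files are hypothetical.

```shell
#!/bin/sh
# Paths are arguments so the checks can run on copies of the real files.

# Effective UsePAM value: sshd keeps the first value it reads for a keyword,
# keywords are case-insensitive, and upstream OpenSSH defaults to "no".
# Include directives are not followed (assumption: single-file config).
sshd_uses_pam() {
    awk 'tolower($1) == "usepam" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Print "domain type value" for memlock entries naming USER or the "*" wildcard.
# @group and other domain forms are skipped in this sketch.
memlock_entries() {   # args: USER LIMITS_FILE...
    user=$1; shift
    awk -v u="$user" '
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "memlock" && ($1 == "*" || $1 == u) { print $1, $2, $4 }
    ' "$@"
}

# Verdict for an SSH login. "entry-applies" still assumes pam_limits is in
# the session stack that sshd's PAM service uses.
ssh_memlock_verdict() {   # args: USER SSHD_CONFIG LIMITS_FILE...
    who=$1; sshd=$2; shift 2
    if [ -z "$(memlock_entries "$who" "$@")" ]; then
        echo "no-entry"
    elif [ "$(sshd_uses_pam "$sshd")" != "yes" ]; then
        echo "entry-ignored-no-pam"
    else
        echo "entry-applies"
    fi
}

# Constructed sample files, not taken from the bug report.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# comment' '* - memlock unlimited' > "$d/limits.conf"
    printf '%s\n' '@jackuser - memlock 4194304' > "$d/95-jack.conf"
    printf '%s\n' 'Port 22' 'UsePAM no' > "$d/sshd_nopam"
    printf '%s\n' 'Port 22' 'usepam yes' > "$d/sshd_pam"
    ssh_memlock_verdict alice "$d/sshd_nopam" "$d/limits.conf" "$d/95-jack.conf"
    ssh_memlock_verdict alice "$d/sshd_pam" "$d/limits.conf" "$d/95-jack.conf"
    rm -rf "$d"
}
demo
```

On a live system the arguments would be /etc/ssh/sshd_config, /etc/security/limits.conf and the files under /etc/security/limits.d/.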