Bug 133675 - max rss is not enforced
max rss is not enforced
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-25 23:01 EDT by Phil Anderson
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-07 08:10:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Phil Anderson 2004-09-25 23:01:52 EDT
The rss item in in pam_limits is not enforced.  I'm guessing that this
bug isn't really a pam_limits bug, as ulimit -m doesn't work either.

If this isn't supported, then it should be (at minimum):
-> Removed from the default limits.conf
-> ulimit -m disabled in bash/etc
-> A note added to the pam_limits documentation
Comment 1 Tomas Mraz 2004-10-04 07:57:00 EDT
ulimit -m works fine here. 
However I haven't tested setting it via the limits.conf yet.
Comment 2 Phil Anderson 2004-10-04 09:27:28 EDT
Tomas,
Maybe my understanding of what ulimit -m does is wrong.

My understanding is that if I start any app in an environment of
ulimit -m 1024, it should only be allowed to use up 1Mb of resident
memory?

i.e. run ulimit -m 1024, then start some memory hungry app.  top will
show that it has a RSS of more than 1Mb.

Or am I on the wrong track here?
Comment 3 Tomas Mraz 2004-10-05 02:19:34 EDT
Ah, you are right, the limit is there but it isn't enforced by the kernel.
See:
http://www.google.com/groups?hl=en&lr=&ie=UTF-8&selm=2pU4q-6n6-27%40gated-at.bofh.it

for the patch which enforces it.

However we won't remove the functionality from pam and ulimit. But
maybe it should be mentioned in some doc that the limit isn't enforced.

Note You need to log in before you can comment on or make changes to this bug.