upstart jobs do not respect /etc/security/limits.conf

Bug #938669 reported by panticz.de
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
CUPS
New
Undecided
Unassigned
MySQL Server
New
Undecided
Unassigned
upstart
Invalid
Undecided
Unassigned
upstart (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I run a terminalserver under Ubuntu 11.10 (oneiric) and CUPS 1.5.0-8ubuntu6. Unfortunately i get "Max clients reached, holding new connections..." error.

I try to increase the MaxClients value to 8192 in /etc/cups/cupsd.conf (and LogLevel to debug) but CUPS reduces this to 1/3 of file descriptor limit from the system with is by default 1024:

/var/log/cups/error_log
I [22/Feb/2012:12:02:37 +0100] Using default TempDir of /var/spool/cups/tmp...
I [22/Feb/2012:12:02:37 +0100] MaxClients limited to 1/3 (341) of the file descriptor limit (1024)...
I [22/Feb/2012:12:02:37 +0100] Configured for up to 341 clients.

Also i try to set higher file descriptor limit in /etc/security/limits.conf
root hard nofile 64000
root soft nofile 64000

and also add "session required pam_limits.so" to /etc/pam.d/common-session but CUPS set still MaxClients to 341.

Ulimit seams to works fine:
root@ts:~# ulimit -n
64000

Before i upgrade to Oneiric i have same configuration on Ubuntu 10.04 Lucid and CUPS 1.4.3-1ubuntu1 with works fine.

This seams to by a similar bug to:
https://bugzilla.redhat.com/show_bug.cgi?id=446023

Lets me know if you need some more information.

BR Pawel

Revision history for this message
panticz.de (panticz.de) wrote :
Download full text (4.2 KiB)

Here, an additional test Test. A new / clean Ubuntu Lucid installation:

root@ts3:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.4 LTS
Release: 10.04
Codename: lucid

I set this limits in /etc/security/limits.conf
root hard nofile 65536
root soft nofile 65536

root@ts3:~# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 20
file size (blocks, -f) unlimited
pending signals (-i) 16382
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

root@ts3:~# dpkg -l "cups*"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii cups 1.4.3-1ubuntu1 Common UNIX Printing System(tm) - server
un cups-bsd <none> (no description available)
ii cups-client 1.4.3-1ubuntu1 Common UNIX Printing System(tm) - client pro
ii cups-common 1.4.3-1ubuntu1 Common UNIX Printing System(tm) - common fil
ii cups-driver-gu 5.2.5-0ubuntu1 printer drivers for CUPS
un cups-pdf <none> (no description available)
un cups-ppdc <none> (no description available)
un cups-pt <none> (no description available)
un cupsddk <none> (no description available)
un cupsddk-driver <none> (no description available)
un cupsomatic-ppd <none> (no description available)
un cupsys <none> (no description available)
un cupsys-bsd <none> (no description available)
un cupsys-client <none> (no description available)
un cupsys-common <none> (no description available)
un cupsys-driver- <none> (no description available)

CPUS changes in /etc/cups/cupsd.conf:
LogLevel debug
MaxClients 32768

CUPS 1.4.3-1ubuntu1 works fine, like expected:

root@ts3:~# grep Max /var/log/cups/error_log
I [22/Feb/2012:18:17:23 +0100] MaxClients limited to 1/3 (21845) of the file descriptor limit (65536)...

then i change the /etc/apt/sources.list from lucid to maverick and reinstall CUPS
apt-get install cups
...
The following packages will be upgraded:
cups cups-client cups-common libcups2

root@ts3:~# dpkg -l "cups*"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii cups ...

Read more...

Revision history for this message
panticz.de (panticz.de) wrote :

Finaly, i found the solution for this problem.

Since Ubuntu Maverick CUPS will by startet by Upstart instead of init.d script. Unfortunately Upstart ignores the limits set in /etc/security/limits.conf. The solution for this problem is to set the limits in Upstart CUPS config file /etc/init/cups.conf e.g.:

limit nofile 4096 4096

After CUPS restart "/etc/init.d/cups restart" limits settings are back correctly:

grep Max /var/log/cups/error_log
I [23/Feb/2012:12:41:56 +0100] MaxClients limited to 1/3 (1365) of the file descriptor limit (4096)...

BR Pawel

panticz.de (panticz.de)
affects: cups (Ubuntu) → upstart (Ubuntu)
Martin Pitt (pitti)
Changed in upstart (Ubuntu):
status: New → Triaged
summary: - Can not increase MaxClients in cups (Max clients reached, holding new
- connections...)
+ upstart jobs do not inherit /etc/security/limits.conf
summary: - upstart jobs do not inherit /etc/security/limits.conf
+ upstart jobs do not respect /etc/security/limits.conf
Revision history for this message
Alexander Ponyatykh (lazyranma) wrote :

While "limit" stanza is a solution for system jobs, it doesn't work for user jobs if I want to increase hard limits. So far I haven't found any way to increase hard limits for user jobs.
I think, when starting a user job, upstart should apply limits from limits.conf using PAM or directly.

Revision history for this message
Steve Langasek (vorlon) wrote :

It's by design that upstart does not look at /etc/security/limits.conf for system jobs. PAM settings are only applied to user sessions, not to system services.

As Alexander comments, we do want to apply PAM limits to user jobs, something which is currently not implemented; but that's not what this bug report is about, so closing.

Changed in upstart (Ubuntu):
status: Triaged → Invalid
Changed in upstart:
status: New → Invalid
Revision history for this message
Van Stokes, Jr. (vstokes) wrote :

The fix around this issue is a poor solution. We were just hit hard with this very issue running MySQL server on Ubuntu 12.04 LTS. We increased the size of the server and the open files limit and Ubuntu would not honor it. It took many many man hours to stuble onto a post describing the problem and the solution.
Details can be found here: http://askubuntu.com/questions/288471/mysql-cant-open-files-after-updating-server-errno-24

Revision history for this message
Clint Byrum (clint-fewbar) wrote : Re: [Bug 938669] Re: upstart jobs do not respect /etc/security/limits.conf

Excerpts from Van Stokes, Jr.'s message of 2013-04-30 16:08:24 UTC:
> The fix around this issue is a poor solution. We were just hit hard with this very issue running MySQL server on Ubuntu 12.04 LTS. We increased the size of the server and the open files limit and Ubuntu would not honor it. It took many many man hours to stuble onto a post describing the problem and the solution.
> Details can be found here: http://askubuntu.com/questions/288471/mysql-cant-open-files-after-updating-server-errno-24
>

I can understand your frustration, this is a confusing area. However,
PAM is intended as a user oriented library, and daemons are by definition
not users.

In man limits.conf, it is clearly stated:

       Also, please note that all limit settings are set per login. They
       are not global, nor are they permanent; existing only for the
       duration of the session.

mysqld does not have a session, and should not have a session. If that
file worked for daemons in the past, it was by accident because they
were started directly from user sessions. This is precisely why upstart
has the ability to specify ulimits for system daemons like mysqld.

Note that sysctl could also be used to raise the system wide open
files limit.

Revision history for this message
Kai Mast (kai-mast) wrote :

Just wasted an hour on this issue :(

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.