diff mbox series

[bug#51315,v2] services: tor: Raise file descriptor ulimit.

Message ID 20211021120103.3891-1-me@tobias.gr
State New
Series [bug#51315,v2] services: tor: Raise file descriptor ulimit.

Checks

Context                 Check     Description
cbaines/comparison      success   View comparison
cbaines/git branch      success   View Git branch
cbaines/applying patch  success   View Laminar job
cbaines/issue           success   View issue

Commit Message

Tobias Geerinckx-Rice Oct. 21, 2021, 12:01 p.m. UTC
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

♪ …one of these days I'll send the right bleedin' patch… ♪

 gnu/services/networking.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Comments

Ludovic Courtès Oct. 28, 2021, 6:43 p.m. UTC | #1
Hello!

Tobias Geerinckx-Rice <me@tobias.gr> wrote:

> +                ;; The file descriptor ulimit must be raised in the
> +                ;; environment from which the daemon is launched; see
> +                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
> +                ;; The exact number is somewhat arbitrary but taken from
> +                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
>                  (start #~(make-forkexec-constructor/container
> -                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)
> +                          (list #$(file-append bash "/bin/bash") "-c"
> +                                (string-append "ulimit -n 32768; exec "
> +                                               #$(file-append tor "/bin/tor")
> +                                               " -f " #$torrc))
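Review bot: the `bash -c` string on the `+` lines splices `#$(file-append tor "/bin/tor")` and `#$torrc` into shell source without any quoting; that is safe only because store paths carry no whitespace or shell metacharacters, and nothing in the comment above `start` says so, so a later edit that interpolates a user-supplied path (a custom torrc location, say) would quietly turn the launcher into a shell-injection point. Either single-quote the two paths in the `string-append` or, better, avoid building shell source at all and raise the limit from Guile. The `exec` is the right call regardless: without it the pid written to `#:pid-file` would be bash's rather than Tor's.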

Instead of going through Bash, what about something like:

  (lambda _
    (let ((pid (fork+exec-command/container …)))
      (container-excursion* pid
                            (lambda () (setrlimit 'nofile 32768 32768)))
      pid))

?

Ludo’.
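The two approaches in this thread (a `ulimit -n` line in a wrapper shell versus a `setrlimit` call in the launcher) both rely on the same fact: resource limits are inherited across fork and exec, so whatever the launching environment sets is what the daemon sees. The following is an added example, written for this page and not code from Guix, Tor or this thread; it raises RLIMIT_NOFILE in the launcher the way a supervisor must, clamps to the hard limit when the caller is unprivileged, and then execs `/bin/sh -c 'ulimit -n'` (assumed to exist at that path) to show that the exec'd process inherits the raised value. Unlike the bare `ulimit -n 32768; exec …` script, the child refuses to exec when the limit cannot be raised at all, so the failure is visible instead of being a warning scrolled past in the log.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not project code.  Raise the soft RLIMIT_NOFILE to `want`,
 * lifting the hard limit with it when the caller is privileged (root or
 * CAP_SYS_RESOURCE).  Returns the soft limit actually in effect afterwards,
 * or 0 if the limit could not be read or set.  An unprivileged process may
 * only raise the soft limit up to the hard limit, so `want` is clamped to
 * that instead of failing outright; a bare `ulimit -n 32768` in a wrapper
 * script would print a warning in that situation and carry on. */
static rlim_t raise_nofile(rlim_t want)
{
    struct rlimit cur, next;

    if (getrlimit(RLIMIT_NOFILE, &cur) != 0)
        return 0;
    if (cur.rlim_cur >= want)
        return cur.rlim_cur;            /* already high enough */

    next = cur;
    if (cur.rlim_max != RLIM_INFINITY && want > cur.rlim_max) {
        /* Try to lift the hard limit too; only a privileged process may. */
        next.rlim_cur = next.rlim_max = want;
        if (setrlimit(RLIMIT_NOFILE, &next) == 0)
            return want;
        /* Not allowed: settle for the hard limit instead. */
        next.rlim_cur = cur.rlim_max;
        next.rlim_max = cur.rlim_max;
    } else {
        next.rlim_cur = want;
    }
    if (setrlimit(RLIMIT_NOFILE, &next) != 0)
        return 0;
    return next.rlim_cur;
}

/* Fork, raise the limit in the child, then exec /bin/sh to print the soft
 * limit it inherited: the exec'd program sees whatever its launcher set,
 * which is why the limit has to be raised before exec rather than inside
 * the daemon.  Returns the value the child reported, or 0 on any failure
 * (including a child that could not raise the limit and refused to exec). */
static rlim_t child_sees_nofile(rlim_t want)
{
    int fds[2];
    pid_t pid;
    char buf[64] = {0};
    ssize_t n;
    int status = 0;

    if (pipe(fds) != 0)
        return 0;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return 0;
    }
    if (pid == 0) {
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        /* Unlike `ulimit -n N; exec tor`, refuse to start if raising fails. */
        if (raise_nofile(want) == 0)
            _exit(126);
        execl("/bin/sh", "sh", "-c", "ulimit -n", (char *)NULL);
        _exit(127);
    }
    close(fds[1]);
    n = read(fds[0], buf, sizeof buf - 1);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return 0;
    if (n <= 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return 0;
    if (strncmp(buf, "unlimited", 9) == 0)
        return RLIM_INFINITY;
    return (rlim_t)strtoull(buf, NULL, 10);
}

int main(void)
{
    rlim_t parent = raise_nofile(32768);
    rlim_t child = child_sees_nofile(32768);
    printf("launcher soft limit: %llu, exec'd child sees: %llu\n",
           (unsigned long long)parent, (unsigned long long)child);
    return parent != 0 && child == parent ? 0 : 1;
}
```

Run as an ordinary user on a host whose hard limit is below 32768 and the program reports the hard limit for both numbers, which is exactly the case where a `ulimit -n 32768` line would have emitted a warning and started the daemon with less than the comment in the patch promises; run as root and both numbers are 32768.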

Patch

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 7e310b70ec..5a8852f262 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,24 +1,24 @@ 
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Copyright © 2019, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 ;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2021 Christine Lemmer-Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
@@ -948,32 +948,40 @@  (define (tor-shepherd-service config)
     (($ <tor-configuration> tor)
      (let ((torrc (tor-configuration->torrc config)))
        (with-imported-modules (source-module-closure
                                '((gnu build shepherd)
                                  (gnu system file-systems)))
          (list (shepherd-service
                 (provision '(tor))
 
                 ;; Tor needs at least one network interface to be up, hence the
                 ;; dependency on 'loopback'.
                 (requirement '(user-processes loopback syslogd))
 
                 (modules '((gnu build shepherd)
                            (gnu system file-systems)))
 
+                ;; The file descriptor ulimit must be raised in the
+                ;; environment from which the daemon is launched; see
+                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+                ;; The exact number is somewhat arbitrary but taken from
+                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
                 (start #~(make-forkexec-constructor/container
-                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)
+                          (list #$(file-append bash "/bin/bash") "-c"
+                                (string-append "ulimit -n 32768; exec "
+                                               #$(file-append tor "/bin/tor")
+                                               " -f " #$torrc))
 
                           #:log-file "/var/log/tor.log"
                           #:mappings (list (file-system-mapping
                                             (source "/var/lib/tor")
                                             (target source)
                                             (writable? #t))
                                            (file-system-mapping
                                             (source "/dev/log") ;for syslog
                                             (target source))
                                            (file-system-mapping
                                             (source "/var/run/tor")
                                             (target source)
                                             (writable? #t)))
                           #:pid-file "/var/run/tor/tor.pid"))
                 (stop #~(make-kill-destructor))
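Review bot: `ulimit -n 32768` on the `+` line in the `start` form has no failure handling, so when the hard limit is below 32768 bash prints a warning and still goes on to `exec` Tor with the old limit, and the service comes up looking healthy; given that the new comment says the limit "must" be raised, make the failure fatal (`ulimit -n 32768 || exit 1`) or raise it from Guile with `setrlimit` so the error surfaces and the added `bash` dependency disappears. Also check that `bash` is bound in this module, since the hunk uses it without showing an import. Finally, the commit message names gnu/services/tor.scm while the diff header and diffstat show gnu/services/networking.scm.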