From patchwork Thu Oct 21 12:01:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tobias Geerinckx-Rice X-Patchwork-Id: 33997 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 3628927BBE1; Thu, 21 Oct 2021 13:02:19 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,T_DKIM_INVALID, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 85D8627BBE1 for ; Thu, 21 Oct 2021 13:02:18 +0100 (BST) Received: from localhost ([::1]:34656 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mdWm1-0003Gs-IU for patchwork@mira.cbaines.net; Thu, 21 Oct 2021 08:02:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52272) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mdWlm-0003D2-Pv for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44799) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mdWlm-0001aj-Gl for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mdWlm-00046Z-AM for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#51315] [PATCH v2] services: tor: Raise file descriptor ulimit. References: <20211021115622.826-1-me@tobias.gr> In-Reply-To: <20211021115622.826-1-me@tobias.gr> Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 21 Oct 2021 12:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51315 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 51315@debbugs.gnu.org Received: via spool by 51315-submit@debbugs.gnu.org id=B51315.163481767015710 (code B ref 51315); Thu, 21 Oct 2021 12:02:02 +0000 Received: (at 51315) by debbugs.gnu.org; 21 Oct 2021 12:01:10 +0000 Received: from localhost ([127.0.0.1]:56345 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkl-00044h-Ao for submit@debbugs.gnu.org; Thu, 21 Oct 2021 08:01:10 -0400 Received: from tobias.gr ([80.241.217.52]:53254) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkj-00044V-JI for 51315@debbugs.gnu.org; Thu, 21 Oct 2021 08:00:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=U1esVwiGQ3snW K3JqgHzOoG0jZHsH0W+ktq+L3A8Ckc=; h=date:subject:to:from; d=tobias.gr; b=APjgnGEX3nKKlIN2j5D7tU+4+xuFp6TjQV6CIj/ECzCKWCcgXK0UIRenNQabfVxAYP07 woL1HoUtysUp7pHamCRyVz7Sc4hHX52E/PtLVA6ZHWkVaFrse5LMqKfixVWf06U8S80n8W cQbzDxB6yKEDUjisARr/rX9a48/t3KpHz4XlZf6xz206A4zgJqJg/MvuXcZ+CP+YlubGLz d8DgDpVhfK2I4DjkHnFvCFU3Ys4rnT3FVDs9OWeC03hgkW7JtqGx5fPtHyRYY0yVoZHOHp jZQSogxlCzlVdL7ghvcNA7kNCji/xifvCSPk0BT9hP3rIYCWq+QKx8o+nJ7AZKZA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 10d2fac6 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <51315@debbugs.gnu.org>; Thu, 21 Oct 2021 12:00:52 +0000 (UTC) Date: Thu, 21 Oct 2021 14:01:03 +0200 Message-Id: <20211021120103.3891-1-me@tobias.gr> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches X-Patchwork-Original-From: Tobias Geerinckx-Rice via Guix-patches via From: Tobias Geerinckx-Rice X-getmail-retrieved-from-mailbox: Patches * gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before launching Tor. --- ♪ …one of these days I'll send the right bleedin' patch… ♪ gnu/services/networking.scm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 7e310b70ec..5a8852f262 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1,24 +1,24 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2018, 2020 Efraim Flashner ;;; Copyright © 2016 John Darrington ;;; Copyright © 2017 Clément Lassieur ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017, 2018 Marius Bakke -;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2018 Chris Marusich ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2019 Florian Pelz ;;; Copyright © 2019, 2021 Maxim Cournoyer ;;; Copyright © 2019 Sou Bunnbu ;;; Copyright © 2019 Alex Griffin ;;; Copyright © 2020 Brice Waegeneire ;;; Copyright © 2021 Oleg Pykhalov ;;; Copyright © 2021 Christine Lemmer-Webber ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2021 Guillaume Le Vaillant ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it @@ -948,32 +948,40 @@ (define (tor-shepherd-service config) (($ tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. (requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the + ;; environment from which the daemon is launched; see + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING + ;; The exact number is somewhat arbitrary but taken from + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container - (list #$(file-append tor "/bin/tor") "-f" #$torrc) + (list #$(file-append bash "/bin/bash") "-c" + (string-append "ulimit -n 32768; exec " + #$(file-append tor "/bin/tor") + " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor))