[systemd-devel] pid 1 memlock setting configurable?
Kees Bos
cornelis.bos at gmail.com
Thu May 23 05:32:22 UTC 2019
Hi all,
I couldn't find it with google, and before digging in the code just a
quick question. Probably someone knows it in the top of h(is|er)
head...
It seems that systemd drops rlimit_memlock on startup. Correct? And if
so, is it configurable?
Explanation for the question:
In an unprivileged container I can set the memlock config lower than
16MB (16777216 bytes), but not higher. That is, i can configure it, but
effectively the systemd process (pid 1) will never have a limit higher
than 16MB. Since it's an unprivileged container (and thus a fake 'root'
user), that limit also becomes the max for all spawned processes
(including services).
Cheers,
Kees
More information about the systemd-devel
mailing list