[systemd-devel] pid 1 memlock setting configurable?

Kees Bos cornelis.bos at gmail.com
Thu May 23 05:32:22 UTC 2019


Hi all,

I couldn't find it with Google, and before digging in the code just a
quick question. Probably someone knows it off the top of h(is|er)
head...

It seems that systemd drops rlimit_memlock on startup. Correct? And if
so, is it configurable?


Explanation for the question:
In an unprivileged container I can set the memlock config lower than
16MB (16777216 bytes), but not higher. That is, I can configure it, but
effectively the systemd process (pid 1) will never have a limit higher
than 16MB. Since it's an unprivileged container (and thus a fake 'root'
user), that limit also becomes the max for all spawned processes
(including services).

Cheers,

Kees
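
Added example, not part of the original post: a way to check the behaviour described above by reading the "Max locked memory" row of `/proc/<pid>/limits` for pid 1 and working out what hard limit a spawned process can end up with. The sample text is constructed, the helper names are hypothetical, and `has_cap_sys_resource` models the assumption that the container's root lacks CAP_SYS_RESOURCE in the initial user namespace, so it can lower a hard limit but not raise it.

```python
# Constructed, abridged sample of /proc/1/limits; 16777216 is the 16MB from the post.
SAMPLE_PID1_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max locked memory         16777216             16777216             bytes
Max open files            1024                 524288               files
"""

UNLIMITED = float("inf")


def parse_limit(limits_text, name="Max locked memory"):
    """Return (soft, hard) for one row of /proc/<pid>/limits."""
    for line in limits_text.splitlines():
        if line.startswith(name):
            soft, hard = line[len(name):].split()[:2]
            to_num = lambda v: UNLIMITED if v == "unlimited" else int(v)
            return to_num(soft), to_num(hard)
    raise KeyError(name)


def effective_hard(parent_hard, requested, has_cap_sys_resource=False):
    """Hard limit a child gets when its parent requests `requested` bytes.

    Assumption: without CAP_SYS_RESOURCE a process may lower its hard
    limit but never raise it above the one it inherited.
    """
    if has_cap_sys_resource:
        return requested
    return min(parent_hard, requested)


def read_limits(pid):
    with open(f"/proc/{pid}/limits") as f:
        return f.read()


if __name__ == "__main__":
    try:
        text = read_limits(1)          # real pid 1 when run on Linux
    except OSError:
        text = SAMPLE_PID1_LIMITS      # fall back to the constructed sample
    soft, hard = parse_limit(text)
    print(f"pid 1 memlock: soft={soft} hard={hard}")
    for want in (8 << 20, 64 << 20):   # 8MB and 64MB requests
        print(f"requested {want}: effective hard limit {effective_hard(hard, want)}")
```

Running the same parser against `/proc/<pid>/limits` of a service's main process shows whether that service inherited the pid 1 ceiling.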


