[PATCH] services: tor: Raise file descriptor ulimit.

  • Open
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Tobias Geerinckx-Rice
Severity
normal
Tobias Geerinckx-Rice wrote on 21 Oct 2021 13:56
(address . guix-patches@gnu.org)
20211021115622.826-1-me@tobias.gr
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

Guix,

I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees. Sure enough, it was the Guix one.

This patch does the job, but boy, would I like to know if there's a better way to do it.

Kind regards,

T G-R

[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.

gnu/services/networking.scm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e19add927d..13150cb98e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
(list #$(file-append bash "/bin/bash") "-c"
(string-append "ulimit -n 32768; exec "
- #$(file-append tor "/bin/tor") " -f " #$torrc))
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
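Review bot: The removed line in this hunk, `#$(file-append tor "/bin/tor") " -f " #$torrc))`, is already the tail of the `ulimit -n 32768; exec` string, and the `bash -c` line appears as unchanged context, so this diff was made against a tree that already carries the wrapper; it only re-wraps that line and adds the comment, and it will not apply where `start` still runs Tor directly. Regenerate it against the unmodified file so the switch to `bash -c` is part of the change. The commit log also names gnu/services/tor.scm while the diff touches gnu/services/networking.scm.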
--
2.33.0
Tobias Geerinckx-Rice wrote on 21 Oct 2021 14:01
[PATCH v2] services: tor: Raise file descriptor ulimit.
(address . 51315@debbugs.gnu.org)
20211021120103.3891-1-me@tobias.gr
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

…one of these days I'll send the right bleedin' patch…

gnu/services/networking.scm | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 7e310b70ec..5a8852f262 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,24 +1,24 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
;;; Copyright © 2019, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2021 Christine Lemmer-Webber <cwebber@dustycloud.org>
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
@@ -948,32 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
- (list #$(file-append tor "/bin/tor") "-f" #$torrc)
+ (list #$(file-append bash "/bin/bash") "-c"
+ (string-append "ulimit -n 32768; exec "
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
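Review bot: In the new `start` command, `ulimit -n 32768; exec …` joins the two steps with `;`, so if raising the limit fails Tor is still exec'ed with the inherited limit and the service looks healthy. Use `&&` if the service should refuse to start in that case, or state in the comment that falling back to the old limit is intended. The tor path and `#$torrc` are now spliced into a string that bash parses instead of being passed as separate list elements as in the removed line, so a remark that both are store file names free of shell metacharacters would help; the hunk also uses `bash` without adding an import, so check that the module already brings it into scope.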
--
2.33.0
Ludovic Courtès wrote on 28 Oct 2021 20:43
Re: bug#51315: [PATCH] services: tor: Raise file descriptor ulimit.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 51315@debbugs.gnu.org)
878ryd56td.fsf_-_@gnu.org
Hello!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> + ;; The file descriptor ulimit must be raised in the
> + ;; environment from which the daemon is launched; see
> + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
> + ;; The exact number is somewhat arbitrary but taken from
> + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
> (start #~(make-forkexec-constructor/container
> - (list #$(file-append tor "/bin/tor") "-f" #$torrc)
> + (list #$(file-append bash "/bin/bash") "-c"
> + (string-append "ulimit -n 32768; exec "
> + #$(file-append tor "/bin/tor")
> + " -f " #$torrc))
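
Review bot: The second URL in the added comment ends in `#n40`, a line anchor into a file on a moving branch, so the pointer to where 32768 comes from will drift as debian/tor.init changes. Say in the comment what to look for in that file, or link to a fixed revision, and consider binding 32768 to a named variable instead of embedding it in the shell string.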

Instead of going through Bash, what about something like:

  (lambda _
    (let ((pid (fork+exec-command/container …)))
      (container-excursion* pid
        (lambda () (setrlimit 'nofile 32768 32768)))
      pid))

?

Ludo’.
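
Whichever way the limit is raised (the bash wrapper or setrlimit), the result can be checked on the running daemon by reading the "Max open files" row of /proc/PID/limits. The following is an added example, not code from this thread or from Guix; the function names and the sample limits text are constructed for illustration.

```shell
# Added example: check a process's open-files limit against a required minimum.
# SAMPLE_LIMITS is constructed text in the layout of /proc/<pid>/limits.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes'

# Print "<soft> <hard>" for the open-files row of the limits file in $1.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Return 0 if the soft limit in file $1 is at least $2 (default 32768,
# the value used in the patch), 1 if it is lower, 2 if the row is missing.
nofile_ok() {
    want=${2:-32768}
    set -- $(nofile_limits "$1")
    [ -n "$1" ] || return 2
    [ "$1" = unlimited ] && return 0
    [ "$1" -ge "$want" ]
}

# Demonstration on the constructed sample; on a real system pass
# /proc/<pid>/limits for the tor process instead of the temporary file.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_LIMITS" > "$tmp"
if nofile_ok "$tmp"; then
    echo "open-files limit is sufficient"
else
    echo "open-files limit too low (soft hard): $(nofile_limits "$tmp")"
fi
rm -f "$tmp"
```

The soft limit is the one compared, since that is the limit enforced on the process when it opens descriptors.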