Maintained by: NLnet Labs

[Unbound-users] unbound should probably manage other RLIMITs as well...

Florian Weimer
Thu Oct 29 18:14:28 CET 2009


* Greg A. Woods:

> I really can't see the sense (in the server realm at least, and
> especially outside of the low-end embedded world) of trying to use a
> server in production that didn't support some kind of per-process
> resource limit controls, and if I'm not mistaken all modern POSIX-like
> server OS platforms do support such controls, and mostly in a way
> directly compatible with getrlimit(2)/setrlimit(2).

On the other hand, most server software does NOT cope gracefully with
resource allocation failures (there's a popular enterprise software
stack which requires a server restart if a memory allocation failure
occurs, for instance).

(And for historic reasons, most DNS resolvers do not run with
configured cache size limits.)

> Note that getrlimit() and setrlimit() have been part of the Single UNIX
> Specification in Version 2 since 1997, that's well over a decade now:
>
> 	http://opengroup.org/onlinepubs/007908799/xsh/getrlimit.html
>
> It's not really relevant whether any given kernel or environment does
> set such limits by default or not, just so long as they can be set.

I think those limits are only meaningful if you implement your own
memory allocator.  You can't really know why you're approaching the
process limit if all you do is call malloc to get heap blocks of
varying lengths.  Operating systems and OS versions vary wildly.