From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 21 07:56:33 2021 Received: (at submit) by debbugs.gnu.org; 21 Oct 2021 11:56:34 +0000 Received: from localhost ([127.0.0.1]:56339 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWgT-0003vI-LR for submit@debbugs.gnu.org; Thu, 21 Oct 2021 07:56:33 -0400 Received: from lists.gnu.org ([209.51.188.17]:36874) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWgQ-0003vA-TQ for submit@debbugs.gnu.org; Thu, 21 Oct 2021 07:56:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50810) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mdWgQ-0002DI-J9 for guix-patches@gnu.org; Thu, 21 Oct 2021 07:56:30 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:32806) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mdWgK-0000Qf-HQ for guix-patches@gnu.org; Thu, 21 Oct 2021 07:56:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=jTPw5gkr+RlWN xWWN0UcBpT6JEkHDq8b5RTBDpEBknE=; h=date:subject:to:from; d=tobias.gr; b=UQilb/PD04nCxBEJMpHK6l9fgEIoAFwtBWnRhdagaPrTjKPFXRmz5dTxbVG/R1XsKv+V UmLXPjYNohEw5zOWknv/MxY2pGKum1/Gj10uUPfjKnRxhV3W/hMH1yHJXYmYKevGJAv6dH VM8tOxBoE+T6Ppcav3+J4cXiP5mDS45kUd2ZJU2bU6I1xgBnmHWDLomP6x2VV5DeEKn9SK NEOBUGIdk97n/1ZQkNvl0rNTaSh9ZFmKROmHB+VuWvVifeLrKUHzuREyto7TGYwNeuPfmb BHmH8Ayy55gx94bOw1jYb0tDgZGK3OgtsfuEpPFhoq3+YqJKvQUXn1a7whGck1UQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 801422dd (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Thu, 21 Oct 2021 11:56:15 +0000 (UTC) From: Tobias Geerinckx-Rice To: guix-patches@gnu.org Subject: [PATCH] services: tor: Raise file descriptor ulimit. Date: Thu, 21 Oct 2021 13:56:22 +0200 Message-Id: <20211021115622.826-1-me@tobias.gr> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) * gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before launching Tor. --- Guix, I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees. Sure enough, it was the Guix one. This patch does the job, but boy, would I like to know if there's a better way to do it. Kind regards, T G-R [0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators. gnu/services/networking.scm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index e19add927d..13150cb98e 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -948,34 +948,40 @@ (define (tor-shepherd-service config) (($ tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. (requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the + ;; environment from which the daemon is launched; see + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING + ;; The exact number is somewhat arbitrary but taken from + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container (list #$(file-append bash "/bin/bash") "-c" (string-append "ulimit -n 32768; exec " - #$(file-append tor "/bin/tor") " -f " #$torrc)) + #$(file-append tor "/bin/tor") + " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) -- 2.33.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 21 08:01:10 2021 Received: (at 51315) by debbugs.gnu.org; 21 Oct 2021 12:01:10 +0000 Received: from localhost ([127.0.0.1]:56345 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkl-00044h-Ao for submit@debbugs.gnu.org; Thu, 21 Oct 2021 08:01:10 -0400 Received: from tobias.gr ([80.241.217.52]:53254) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkj-00044V-JI for 51315@debbugs.gnu.org; Thu, 21 Oct 2021 08:00:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=U1esVwiGQ3snW K3JqgHzOoG0jZHsH0W+ktq+L3A8Ckc=; h=date:subject:to:from; d=tobias.gr; b=APjgnGEX3nKKlIN2j5D7tU+4+xuFp6TjQV6CIj/ECzCKWCcgXK0UIRenNQabfVxAYP07 woL1HoUtysUp7pHamCRyVz7Sc4hHX52E/PtLVA6ZHWkVaFrse5LMqKfixVWf06U8S80n8W cQbzDxB6yKEDUjisARr/rX9a48/t3KpHz4XlZf6xz206A4zgJqJg/MvuXcZ+CP+YlubGLz d8DgDpVhfK2I4DjkHnFvCFU3Ys4rnT3FVDs9OWeC03hgkW7JtqGx5fPtHyRYY0yVoZHOHp jZQSogxlCzlVdL7ghvcNA7kNCji/xifvCSPk0BT9hP3rIYCWq+QKx8o+nJ7AZKZA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 10d2fac6 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <51315@debbugs.gnu.org>; Thu, 21 Oct 2021 12:00:52 +0000 (UTC) From: Tobias Geerinckx-Rice To: 51315@debbugs.gnu.org Subject: [PATCH v2] services: tor: Raise file descriptor ulimit. Date: Thu, 21 Oct 2021 14:01:03 +0200 Message-Id: <20211021120103.3891-1-me@tobias.gr> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51315 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before launching Tor. --- ♪ …one of these days I'll send the right bleedin' patch… ♪ gnu/services/networking.scm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 7e310b70ec..5a8852f262 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1,24 +1,24 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2018, 2020 Efraim Flashner ;;; Copyright © 2016 John Darrington ;;; Copyright © 2017 Clément Lassieur ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017, 2018 Marius Bakke -;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2018 Chris Marusich ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2019 Florian Pelz ;;; Copyright © 2019, 2021 Maxim Cournoyer ;;; Copyright © 2019 Sou Bunnbu ;;; Copyright © 2019 Alex Griffin ;;; Copyright © 2020 Brice Waegeneire ;;; Copyright © 2021 Oleg Pykhalov ;;; Copyright © 2021 Christine Lemmer-Webber ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2021 Guillaume Le Vaillant ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it @@ -948,32 +948,40 @@ (define (tor-shepherd-service config) (($ tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. (requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the + ;; environment from which the daemon is launched; see + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING + ;; The exact number is somewhat arbitrary but taken from + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container - (list #$(file-append tor "/bin/tor") "-f" #$torrc) + (list #$(file-append bash "/bin/bash") "-c" + (string-append "ulimit -n 32768; exec " + #$(file-append tor "/bin/tor") + " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) -- 2.33.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 28 14:43:21 2021 Received: (at 51315) by debbugs.gnu.org; 28 Oct 2021 18:43:21 +0000 Received: from localhost ([127.0.0.1]:53167 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mgAMz-0000gy-Bw for submit@debbugs.gnu.org; Thu, 28 Oct 2021 14:43:21 -0400 Received: from eggs.gnu.org ([209.51.188.92]:34538) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mgAMx-0000gl-JW for 51315@debbugs.gnu.org; Thu, 28 Oct 2021 14:43:20 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59990) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mgAMr-0001NX-G0; Thu, 28 Oct 2021 14:43:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=vzAg5bVSeznTkLTi6OiUTQqPGf7zkT4P7JTi2WD4P7E=; b=B6NPnfB/ZHonlMGlOkni bDG9uDkTynL9LKwBqyrGFt3UX8IKzBTTJn8h3rE2QVz1iziapLsX9nNyayibcX6JDPLTUwocp6m6U sWXUdX4BIenZzC37YRohBVKfK/6uETn+HJnXaeROi0T9aprU4rpoE+DwwIZbu4GaB3QrzOffOpCEY lUP8f6et9rTSOEqcYs1a10LdI6uQbVFrjYxm/KeYw+WAGjD75zGWZm8KhjfKkmE9n9aX1YvsavgB/ QRgUlwNI0sd5XEWgklVeYDGJHDVd3qFA9aUe1ieNAjjSj6N+aNMo1PK/FVSKRgLPVhtBaHzz209zO 8Q46A1iRWkOnHA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:54850 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mgAMr-0005sR-3q; Thu, 28 Oct 2021 14:43:13 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tobias Geerinckx-Rice Subject: Re: bug#51315: [PATCH] services: tor: Raise file descriptor ulimit. References: <20211021115622.826-1-me@tobias.gr> <20211021120103.3891-1-me@tobias.gr> Date: Thu, 28 Oct 2021 20:43:10 +0200 In-Reply-To: <20211021120103.3891-1-me@tobias.gr> (Tobias Geerinckx-Rice's message of "Thu, 21 Oct 2021 14:01:03 +0200") Message-ID: <878ryd56td.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 51315 Cc: 51315@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello! Tobias Geerinckx-Rice skribis: > + ;; The file descriptor ulimit must be raised in the > + ;; environment from which the daemon is launched; see > + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING > + ;; The exact number is somewhat arbitrary but taken from > + ;; https://gitweb.torproject.org/debian/tor.git/tree/deb= ian/tor.init#n40 > (start #~(make-forkexec-constructor/container > - (list #$(file-append tor "/bin/tor") "-f" #$to= rrc) > + (list #$(file-append bash "/bin/bash") "-c" > + (string-append "ulimit -n 32768; exec " > + #$(file-append tor "/bin/= tor") > + " -f " #$torrc)) Instead of going through Bash, what about something like: (lambda _ (let ((pid (fork+exec-command/container =E2=80=A6))) (container-excursion* pid (lambda () (setrlimit 'nofile 32768 32768))) pid)) ? Ludo=E2=80=99.