GNU bug report logs - #51315
[PATCH] services: tor: Raise file descriptor ulimit.


Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Thu, 21 Oct 2021 11:57:01 UTC

Severity: normal

Tags: patch


From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: 51315 <at> debbugs.gnu.org
Subject: [bug#51315] [PATCH] services: tor: Raise file descriptor ulimit.
Date: Thu, 21 Oct 2021 13:56:22 +0200
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---

Guix,

I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees.  Sure enough, it was the Guix one.

This patch does the job, but boy, would I like to know if there's a better way to do it.

Kind regards,

T G-R

[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.

 gnu/services/networking.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e19add927d..13150cb98e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
     (($ <tor-configuration> tor)
      (let ((torrc (tor-configuration->torrc config)))
        (with-imported-modules (source-module-closure
                                '((gnu build shepherd)
                                  (gnu system file-systems)))
          (list (shepherd-service
                 (provision '(tor))
 
                 ;; Tor needs at least one network interface to be up, hence the
                 ;; dependency on 'loopback'.
                 (requirement '(user-processes loopback syslogd))
 
                 (modules '((gnu build shepherd)
                            (gnu system file-systems)))
 
+                ;; The file descriptor ulimit must be raised in the
+                ;; environment from which the daemon is launched; see
+                ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+                ;; The exact number is somewhat arbitrary but taken from
+                ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
                 (start #~(make-forkexec-constructor/container
                           (list #$(file-append bash "/bin/bash") "-c"
                                 (string-append "ulimit -n 32768; exec "
-                                               #$(file-append tor "/bin/tor") " -f " #$torrc))
+                                               #$(file-append tor "/bin/tor")
+                                               " -f " #$torrc))
 
                           #:log-file "/var/log/tor.log"
                           #:mappings (list (file-system-mapping
                                             (source "/var/lib/tor")
                                             (target source)
                                             (writable? #t))
                                            (file-system-mapping
                                             (source "/dev/log") ;for syslog
                                             (target source))
                                            (file-system-mapping
                                             (source "/var/run/tor")
                                             (target source)
                                             (writable? #t)))
                           #:pid-file "/var/run/tor/tor.pid"))
                 (stop #~(make-kill-destructor))
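Review bot: In the `start` form, the line `(string-append "ulimit -n 32768; exec "` and the `bash -c` wrapper above it are unchanged context, so as posted this hunk only adds the comment and re-wraps the `tor` path. On a tree that does not already contain that line, the limit would not be raised. Please regenerate the patch against a base without the ulimit call so the functional change appears as `+` lines. The commit log also names gnu/services/tor.scm, while the diff touches gnu/services/networking.scm; the log entry should match the file. Separately, with `ulimit -n 32768; exec`, Tor is still launched with the old limit if `ulimit` fails. Consider `ulimit -n 32768 && exec` so that a failed ulimit shows up as a failed service start rather than a silently lower limit.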
-- 
2.33.0





This bug report was last modified 3 years and 228 days ago.
