* Kamil Paral:

> From a technical point of view I'm not able to judge whether raising
> the fileno limits by default is a trivial change or something with
> important security implications.

It has implications for reliability (and perhaps security). File
descriptors can refer to sockets, and each socket can have a fairly
large amount of unswappable kernel memory associated with it. This
memory is not tracked along with the process that created the sockets or
has them opened, so the OOM killer does not take it into account when
selecting processes to terminate.

The attached script, when run with “python3 many-sockets.py 50000” as a
regular user, after raising the limit, tricks the OOM killer into
terminating processes. Important processes such as systemd-journal fail
because the OOM killer cannot recover any memory. It even terminates
processes which are already fully swapped out.

I think a reasonable file descriptor limit is an important safety net.

Thanks,
Florian
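
An added example, not part of the original message and not the attached script: because socket memory is not charged to the owning process, an operator has to attribute sockets to processes by other means, and this sketch does so by walking /proc and counting socket descriptors next to each process's soft "Max open files" limit. The `proc_root` parameter and the threshold in `flag_heavy` are assumptions made for illustration.

```python
import os

def _read_comm(base):
    try:
        with open(os.path.join(base, "comm")) as f:
            return f.read().strip()
    except OSError:
        return "?"

def _soft_nofile(base):
    """Soft RLIMIT_NOFILE from <pid>/limits; None if unreadable or unlimited."""
    try:
        with open(os.path.join(base, "limits")) as f:
            for line in f:
                if line.startswith("Max open files"):
                    soft = line.split()[3]
                    return int(soft) if soft.isdigit() else None
    except OSError:
        pass
    return None

def socket_fd_report(proc_root="/proc"):
    """Return [(pid, comm, socket_fds, soft_nofile)], most sockets first."""
    rows = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or not ours to inspect
            continue
        sockets = 0
        for fd in fds:
            try:
                if os.readlink(os.path.join(base, "fd", fd)).startswith("socket:"):
                    sockets += 1
            except OSError:  # descriptor closed while we were looking
                continue
        rows.append((int(entry), _read_comm(base), sockets, _soft_nofile(base)))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows

def flag_heavy(rows, threshold=10000):
    """Processes holding at least `threshold` sockets (threshold is an assumed value)."""
    return [r for r in rows if r[2] >= threshold]

if __name__ == "__main__":
    for pid, comm, socks, soft in socket_fd_report()[:10]:
        print(f"{pid:>7} {comm:<16} sockets={socks:<6} soft_nofile={soft}")
```

Run as root to see every process; as a regular user only that user's own processes are readable.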