Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

setrlimit(): Operation not permitted [core/uwsgi.c line 2157] #203

Closed
77cc33 opened this Issue · 7 comments

2 participants

77cc33 unbit
77cc33

ubuntu 12.04 lts 64 bit

I have /etc/security/limits.conf set as 135K

www-data hard nofile 133333
www-data soft nofile 133333
root hard nofile 133333
root soft nofile 133333

  • I enabled pam_security module, so when I log in as root or www-data - I have: ulimit -n 133333

but when I start uwsgi, it shows me:
detected max file descriptor number: 1024

I tried to set fd-max, and got this:
setrlimit(): Operation not permitted [core/uwsgi.c line 2157]
detected max file descriptor number: 1024

I start uwsgi as root with help of emperor and later set uid to www-data

is there some workaround to fix it ASAP?

unbit
Owner

every application wanting to use pam, must explicitely support it. You have to load the "pam" plugin and use --pam or --pam-user (based on your need). The pam plugin is not builtin by default but its only dependancies are the pam development headers.

unbit
Owner

in addition to this, remember you can set the max-fd in the emperor, and this limit will be inherited by vassal (without bothering with pam)

77cc33

I tried emperor, and it didn't work. it's my ubuntu upstart init script

Emperor uWSGI script

description "uWSGI Emperor";
start on runlevel [2345]
stop on runlevel [06]

exec uwsgi \
--master \
--die-on-term \
--emperor /etc/uwsgi \
--logto /var/log/uwsgi/emperor.log \
--logdate \
--auto-procname \
--no-orphans \
--need-app \
--max-fd 30000

and it's what I have in my emperor log
Fri Mar 29 07:48:48 2013 - detected max file descriptor number: 30000

and it what I have in application log
setrlimit(): Operation not permitted [core/uwsgi.c line 2157]
detected max file descriptor number: 1024

unbit
Owner

you are right, setrlimit is called too late, while it should be called before privileges drop, will be fixed in the next few minutes

unbit
Owner

hmm should be managed in another way, as it could be a security problem allowing the user to increase its max-fd before privileges drop. Will leave this open, i will post the solution as soon as possible

unbit
Owner

you can try with latest code from github and adding --max-fd to the emperor. The vassals wil inherit the limit.

From now on this is the blessed way

unbit unbit closed this
77cc33

thank you!

just wanted to aprove that it works now!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.