Re: [exim] exim4 needs CAP_SYS_RESOURCE?

Author: Michael Haardt
Date:  
To: exim-users
Subject: Re: [exim] exim4 needs CAP_SYS_RESOURCE?
> > > /* When started with root privilege, ensure that the limits on the number of
> > > open files and the number of processes (where that is accessible) are    
> > > sufficiently large, or are unset, in case Exim has been called from an      
> > > environment where the limits are screwed down. Not all OS have the ability to
> > > change some of these limits. */   


> > I discovered that this always happens, if apache uses the exim4
> > binary.
> >
> > Question is: Can this behavior be disabled with some switch or
> > config change? www-data is a trusted user already, so that seems not
> > to be a solution...


I was about to suggest that Exim should only increase its limits,
if they are not large enough already, but the code already does that
partially.

  #ifdef RLIMIT_NOFILE
  if (getrlimit(RLIMIT_NOFILE, &rlp) < 0)
    rlp.rlim_cur = rlp.rlim_max = 0;


Just curious, why the above?

  if (rlp.rlim_cur < 1000)
    {
    rlp.rlim_cur = rlp.rlim_max = 1000;
    (void)setrlimit(RLIMIT_NOFILE, &rlp);
    }
  #endif


Does Apache start Exim with less than 1000 descriptors?

  #ifdef RLIMIT_NPROC
    #ifdef RLIM_INFINITY
    rlp.rlim_cur = rlp.rlim_max = RLIM_INFINITY;
    #else
    rlp.rlim_cur = rlp.rlim_max = 1000;
    #endif
  (void)setrlimit(RLIMIT_NPROC, &rlp);
  #endif


This part does not check if the limit is already set to RLIM_INFINITY
(or 1000 if not defined). May that cause the described problem?

Does anybody vote against checking the error code of setrlimit and
logging errors?

Michael
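
The two changes discussed in this message (skip the call when the limit is already sufficient, and check and log the result of `setrlimit`) can be sketched as follows. This is an added example, not Exim source and not code from the poster; `limit_sufficient`, `ensure_limit` and `ensure_and_log` are hypothetical names, and it assumes `RLIM_INFINITY` is defined.

```c
/* Added example, not Exim source: raise a limit only when needed, report failures. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* True if the value we have already satisfies the wanted minimum. */
static int limit_sufficient(rlim_t have, rlim_t want)
{
  if (have == RLIM_INFINITY) return 1;
  if (want == RLIM_INFINITY) return 0;
  return have >= want;
}

/* Hypothetical helper. Returns 0 if nothing had to change, 1 if the limit
   was raised, -1 on error with errno left set by getrlimit/setrlimit. */
static int ensure_limit(int resource, rlim_t want)
{
  struct rlimit rl;

  if (getrlimit(resource, &rl) < 0) return -1;
  if (limit_sufficient(rl.rlim_cur, want)) return 0;  /* no setrlimit call at all */

  rl.rlim_cur = want;
  /* Raising the soft limit up to the hard limit needs no privilege; only
     raising the hard limit does (CAP_SYS_RESOURCE on Linux). */
  if (!limit_sufficient(rl.rlim_max, want)) rl.rlim_max = want;
  return setrlimit(resource, &rl) < 0 ? -1 : 1;
}

/* Log instead of discarding the result with a (void) cast. */
static void ensure_and_log(const char *name, int resource, rlim_t want)
{
  if (ensure_limit(resource, want) < 0)
    fprintf(stderr, "failed to raise %s: %s\n", name, strerror(errno));
}

int main(void)
{
  ensure_and_log("RLIMIT_NOFILE", RLIMIT_NOFILE, 1000);
#ifdef RLIMIT_NPROC
  ensure_and_log("RLIMIT_NPROC", RLIMIT_NPROC, RLIM_INFINITY);
#endif
  return 0;
}
```

When the caller's limits are already high enough, no `setrlimit` call is made, so a process without the capability has nothing to be denied.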