c0a8699820
On Python 2.x, a subprocess.Popen() with close_fds=True will
fork and then close filedescriptors range(3..os.sysconf("SC_OPEN_MAX")),
which thanks to Kernel PTI (Kaiser patches) is significantly slower
in 2018 when the range is very large. With a soft limit of 1048576,
benchmark.py reports an overhead of ~ 400ms without this patch and 2ms
with the patch applied. This patch adds a configuration option and
sets a more sensible default of 1024 file descriptor limit by default.
Closes-Bug: 1796267
Change-Id: Idd98c183eca3e2df8648fc0f37d27fe9cc6d0563
34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
# Configuration for rootwrap
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
[DEFAULT]
|
|
# List of directories to load filter definitions from (separated by ',').
|
|
# These directories MUST all be only writeable by root !
|
|
filters_path=/etc/oslo-rootwrap/filters.d,/usr/share/oslo-rootwrap
|
|
|
|
# List of directories to search executables in, in case filters do not
|
|
# explicitly specify a full path (separated by ',')
|
|
# If not specified, defaults to system PATH environment variable.
|
|
# These directories MUST all be only writeable by root !
|
|
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
|
|
|
|
# Enable logging to syslog
|
|
# Default value is False
|
|
use_syslog=False
|
|
|
|
# Which syslog facility to use.
|
|
# Valid values include auth, authpriv, syslog, user0, user1...
|
|
# Default value is 'syslog'
|
|
syslog_log_facility=syslog
|
|
|
|
# Which messages to log.
|
|
# INFO means log all usage
|
|
# ERROR means only log unsuccessful attempts
|
|
syslog_log_level=ERROR
|
|
|
|
# Rootwrap daemon exits after this seconds of inactivity
|
|
daemon_timeout=600
|
|
|
|
# Rootwrap daemon limits itself to that many file descriptors
|
|
rlimit_nofile=1024
|