michael orlitzky

Persistent ulimit for daemons in Gentoo

Symptoms

This happens when clamd doesn't have enough stack space:

Aug 1 10:57:41 mx1 clamd[1286]: pthread_create failed

This doesn't necessarily cause a resource overstep. The PaX team explains:

This can fail for several reasons, not enough RAM (depends on how overcommit is set), not enough address space (hardened/PIE and ASLR together change how big the holes in the address space end up, SEGMEXEC halves the address space), etc.

It's not a resource overstep but simply not enough virtual address space (either because it's too fragmented to fit such a big allocation or the free space is not enough itself).

In any case, setting ulimit -s unlimited for the clamd process fixes this particular error.

The Problem

We need the ulimit to persist for clamd across reboots.

Requirements

  1. The ulimit changes must take effect either every reboot, or every time clamd is started.
  2. We only want to set the ulimit for clamd. The rest of the system should be unaffected.
  3. We shouldn't have to modify the init script, /etc/init.d/clamd. The init scripts are overwritten frequently by portage, and since they are not typically customized, an administrator would likely clobber the customization.

The Solution

You can set rc_ulimit in the daemon conf file, /etc/conf.d/clamd. The syntax follows that of /etc/rc.conf. For example,

# /etc/conf.d/clamd

START_CLAMD=yes
START_FRESHCLAM=yes

# Prevent "pthread_create failed" errors.
rc_ulimit="-s unlimited"
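
To confirm that the setting reached the running daemon, read the "Max stack size" row of /proc/<pid>/limits for each clamd process. The script below is an added example, not part of the original article or of Gentoo's init scripts; the function names and the sample data are constructed for illustration, and it assumes a Linux /proc and pgrep from procps.

```shell
#!/bin/sh
# Added example: confirm that rc_ulimit="-s unlimited" reached the running daemon.

# Print "<soft> <hard>" for "Max stack size" from a file in /proc/<pid>/limits format.
stack_limits() {
    awk '/^Max stack size/ { print $4, $5 }' "$1"
}

# Succeed only if the soft stack limit in the given limits file is "unlimited".
stack_is_unlimited() {
    set -- $(stack_limits "$1")
    [ "${1:-}" = "unlimited" ]
}

# Check every running process with the given name (needs pgrep from procps).
# Fails if no such process exists or if any of them has a finite stack limit.
check_daemon() {
    pids=$(pgrep -x "$1") || { echo "$1: not running" >&2; return 2; }
    rc=0
    for pid in $pids; do
        if stack_is_unlimited "/proc/$pid/limits"; then
            echo "$1[$pid]: stack $(stack_limits "/proc/$pid/limits") (ok)"
        else
            echo "$1[$pid]: stack $(stack_limits "/proc/$pid/limits") (rc_ulimit not applied)" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in /proc/<pid>/limits format; $1 is the soft stack limit.
sample_limits() {
    printf '%-26s%-21s%-21s%s\n' \
        'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max cpu time' 'unlimited' 'unlimited' 'seconds' \
        'Max stack size' "$1" 'unlimited' 'bytes' \
        'Max open files' '1024' '4096' 'files'
}

# On the mail server itself, after restarting the daemon: check_daemon clamd
```

The limit is applied when the init script starts the daemon, so restart clamd after editing /etc/conf.d/clamd and before running the check.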

Thanks to Graham Murray on gentoo-user for the solution.