On Tue, Aug 17, 2010 at 12:41:48PM -0400, Eric Paris wrote:
> On Thu, 2010-08-12 at 12:01 -0500, Rex Dieter wrote:
> > kde packagers received a request to consider shipping systems with a
> > higher (default) value of
> > /proc/sys/fs/inotify/max_user_watches
> > to allow for a better experience for noticing changes (notably when
> > using nepomuk indexing of content in users' homedir).
> >
> > The suggested value was something like 524288 (seems the default on f13
> > is 8192).
> >
> > A recent kde-sig meeting discussed the topic,
> >
> > http://fedoraproject.org/wiki/SIGs/KDE/Meetings/2010-07-27
> >
> > where mjg59 also agreed "It's probably justifiable to increase
> > it".
> >
> > So, any comments or objections implementing this (for f14)?
>
> I'm not opposed to it but this does allow users to allocate and hold
> kernel memory. The math is roughly 200 bytes per watch. So right now a
> normal user can only allocate about 200*8192 bytes which is about 1.6M
> of kernel memory. Not such a bad thing.
>
> Your suggestion would allow the user to allocate 200 * 524288 = 105M.
> On a 64bit system this might not matter, but on a 32bit system this is a
> substantial amount of the memory the kernel has.
>
> And these allocations are not counted against normal userspace limits.
>
> I'm not opposed to upping it, especially on x86_64, but maybe not quite
> that high....
Ideally, when an application that cares about this is installed, it could
increase it via sysctl.conf.

That default isn't a one size fits all. Regardless of what we set it to,
someone is going to want it smaller/bigger.
I think we want to be very careful how much we suggest $random-package
muck with sysctl. Ubuntu got a black eye since wine automatically
changed mmap_min_addr if it was installed. It's not always clear what
the implications of a change include. How many people on this list (the
kernel list) would have guessed that the suggestion here would allow
5-10 users to completely DoS a 32bit machine?

Rex, if you do decide to change it in sysctl let's try to keep it within
a factor of 10 or so? You might want to ask the upstream kernel
community what they think.
-Eric
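
An added example, not part of the original thread: a shell audit that finds which sysctl fragments set fs.inotify.max_user_watches and computes the worst-case kernel memory that setting lets users pin. It uses the thread's figures (about 200 bytes per watch, a default of 8192, a ceiling of 10x the default); the function names and the invocation are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit sysctl fragments for fs.inotify.max_user_watches.
# Figures from the thread: ~200 bytes/watch, default 8192, "factor of 10" ceiling.
BYTES_PER_WATCH=200
DEFAULT_WATCHES=8192
MAX_FACTOR=10

# Print "file value" for each fragment that sets the key (paths without spaces).
find_watch_settings() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }              # skip comment lines
            {
                split($0, kv, "=")
                key = kv[1]; val = kv[2]
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                gsub(/\//, ".", key)            # sysctl also accepts fs/inotify/...
                if (key == "fs.inotify.max_user_watches" && val ~ /^[0-9]+$/)
                    print file, val
            }' "$f"
    done
}

# Worst-case kernel bytes pinned: pinned_bytes WATCHES [USERS]
pinned_bytes() { echo $(( $1 * BYTES_PER_WATCH * ${2:-1} )); }

# Succeeds when WATCHES is within MAX_FACTOR times the default.
within_ceiling() { [ "$1" -le $(( DEFAULT_WATCHES * MAX_FACTOR )) ]; }

# audit USERS FILE... : report every setting, return 1 if any exceeds the ceiling.
audit() {
    users=$1; shift; status=0
    settings=$(find_watch_settings "$@")
    [ -n "$settings" ] || return 0
    while read -r file val; do
        verdict=ok
        within_ceiling "$val" || { verdict=OVER; status=1; }
        printf '%s: %s watches, up to %s MiB pinned by %s user(s) [%s]\n' "$file" \
            "$val" "$(( $(pinned_bytes "$val" "$users") / 1048576 ))" "$users" "$verdict"
    done <<EOF
$settings
EOF
    return $status
}

# Example: sh audit.sh 10 /etc/sysctl.conf /etc/sysctl.d/*.conf
[ "$#" -lt 2 ] || audit "$@"
```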