diff options
| author | Topi Miettinen <toiwoton@gmail.com> | 2020-04-14 15:39:36 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-05-13 00:37:18 +0200 |
| commit | 7d85383edbab73274dc81cc888d884bb01070bc2 (patch) | |
| tree | 90330d1a7a1bceec1225c200de55d84d52889bf8 /src/volatile-root/volatile-root.c | |
| parent | update TODO (diff) | |
| download | systemd-7d85383edbab73274dc81cc888d884bb01070bc2.tar.xz systemd-7d85383edbab73274dc81cc888d884bb01070bc2.zip | |
tree-wide: add size limits for tmpfs mounts
Limit size of various tmpfs mounts to 10% of RAM, except volatile root and /var
to 25%. Another exception is made for /dev (also /devs for PrivateDevices) and
/sys/fs/cgroup since no (or very few) regular files are expected to be used.
In addition, since directories, symbolic links, device specials and xattrs are
not counted towards the size= limit, number of inodes is also limited
correspondingly: 4MB size translates to 1k of inodes (assuming 4k each), 10% of
RAM (using 16GB of RAM as baseline) translates to 400k and 25% to 1M inodes.
Because nr_inodes option can't use ratios like size option, there's an
unfortunate side effect that with small memory systems the limit may be on the
too large side. Also, on an extremely small device with only 256MB of RAM, 10%
of RAM for /run may not be enough for re-exec of PID1 because 16MB of free
space is required.
Diffstat (limited to 'src/volatile-root/volatile-root.c')
| -rw-r--r-- | src/volatile-root/volatile-root.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/volatile-root/volatile-root.c b/src/volatile-root/volatile-root.c index af78a87d6f..e55864d6cc 100644 --- a/src/volatile-root/volatile-root.c +++ b/src/volatile-root/volatile-root.c @@ -29,7 +29,7 @@ static int make_volatile(const char *path) { if (r < 0) return log_error_errno(r, "Couldn't generate volatile sysroot directory: %m"); - r = mount_verbose(LOG_ERR, "tmpfs", "/run/systemd/volatile-sysroot", "tmpfs", MS_STRICTATIME, "mode=755"); + r = mount_verbose(LOG_ERR, "tmpfs", "/run/systemd/volatile-sysroot", "tmpfs", MS_STRICTATIME, "mode=755" TMPFS_LIMITS_ROOTFS); if (r < 0) goto finish_rmdir; @@ -80,7 +80,7 @@ static int make_overlay(const char *path) { if (r < 0) return log_error_errno(r, "Couldn't create overlay sysroot directory: %m"); - r = mount_verbose(LOG_ERR, "tmpfs", "/run/systemd/overlay-sysroot", "tmpfs", MS_STRICTATIME, "mode=755"); + r = mount_verbose(LOG_ERR, "tmpfs", "/run/systemd/overlay-sysroot", "tmpfs", MS_STRICTATIME, "mode=755" TMPFS_LIMITS_ROOTFS); if (r < 0) goto finish; |