2.4.17 --> 2.5.3

ellie timoney ellie at fastmail.com
Sun Sep 20 21:27:11 EDT 2015


Hi Patrick,

> Second, where is this coming from?
> 
>    Sep 19 05:44:54 toad cyrus/master[22860]: setrlimit: Unable to set 
> file descriptors limit to -1: Operation not permitted

This one is interesting.

Resource limits have a "current" and a "maximum" value.  Processes with
suitable capabilities(7) privileges can set their current and maximum
values to whatever they want.  Processes without may change their
current value, but only if it doesn't exceed their maximum; and may
decrease their maximum value, but never increase it (even if they have
previously decreased it).

The master process is trying to set its own file descriptor limit
(RLIMIT_NOFILE -- I believe this is to be read as "Number of Open
files"), both "current" and "maximum", to RLIM_INFINITY.  The request is
being rejected though, so it tries again but using the existing maximum
value (4096) instead, and that succeeds.

At this point, I believe master is still running as root (it doesn't
become_cyrus() until a little while later), so it's curious that the
request is being rejected.  I would have assumed processes running as
root have the capability to do this...

The capability in question for setting resource limits is called
CAP_SYS_RESOURCE.  Looking around online, there's a few threads on
stackoverflow, serverfault et al asking how to assign this capability to
processes running as root, so we're not the only ones finding it
unexpectedly denied.  Looks like it can be set manually on a file by
file basis using the setcap(8) command, so perhaps setting it for your
master binary would tidy this up.  I have no idea what other
ramifications this might have, so it's at your own risk if you do this.

If you hadn't seen this before on 2.4.17, maybe it was because you were
running an older kernel?  Capabilities seem to have appeared in Linux
around 2.2 but weren't quite complete until around 2.6.24, if I'm
reading capabilities(7) correctly.  This code path hasn't changed in
cyrus between 2.4.17 and 2.5.6 and looks like it's been fairly static
since 2002....

I notice that our code for increasing the current and maximum value of
this limit tries to set both to RLIM_INFINITY in the same setrlimit
call.  I'm wondering if we need to actually set the maximum to
RLIM_INFINITY with one call, and then set the current in a subsequent
call.  I'll experiment with this a bit and see what happens.

For what it's worth, I don't think it's cause for concern, but it's
pinging me too so I'll have a little rummage and see what shakes out.

Cheers,

ellie

On Sat, Sep 19, 2015, at 10:00 PM, Patrick Goetz wrote:
> I recall Bron telling us that the upgrade from 2.4.x to 2.5.x would be 
> completely painless.  That was mostly, but not completely true.
> 
> A bunch of variable names in /etc/cyrus/imapd.conf changed (OK, that was 
> easy to fix), and the upgrade did mostly work out of the box.  There was 
> one issue, however, and there are some new and improved error messages 
> in the logs that I'm sufficiently OCD to have questions about.
> 
> 
> One one of my installs, I had this line in /etc/cyrus.conf:
> 
>    squatter_a  cmd="/usr/sbin/squatter" at=0517
> 
> 
> This worked for 2.4.17, but caused cyrus-master to fail to start with 
> this error message:
> 
>    Sep 19 05:27:58 www cyrus/master[29646]: configuration file 
> /etc/cyrus/cyrus.conf: bad character '_' in name on line 57
>    Sep 19 05:27:58 www systemd[1]: cyrus-master.service: Main process 
> exited, code=exited, status=78/n/a
> 
> For the time being, I just commented out the squatter line. I'm unclear 
> on how necessary it is to re-index the mailboxes every day.  If 
> necessary/useful, did the syntax for this command change?
> 
> Also, I'm now getting these warnings (maybe some were there for 2.4.17, 
> I can't remember):
> 
> ---------------------------
> Sep 19 05:44:54 toad systemd[1]: Starting Cyrus IMAP mail server...
> Sep 19 05:44:54 toad cyrus/master[22860]: setrlimit: Unable to set file 
> descriptors limit to -1: Operation not permitted
> Sep 19 05:44:54 toad cyrus/master[22860]: retrying with 4096 (current
> max)
> Sep 19 05:44:54 toad systemd[1]: Started Cyrus IMAP mail server.
> Sep 19 05:44:54 toad cyrus/ctl_cyrusdb[22861]: skiplist: clean shutdown 
> file missing, updating recovery stamp
> Sep 19 05:44:54 toad cyrus/ctl_cyrusdb[22861]: recovering cyrus databases
> Sep 19 05:44:54 toad cyrus/ctl_cyrusdb[22861]: done recovering cyrus 
> databases
> Sep 19 05:44:54 toad cyrus/master[22860]: unable to open imap/ipv6 
> socket: Address family not supported by protocol
> Sep 19 05:44:54 toad cyrus/master[22860]: unable to open imaps/ipv6 
> socket: Address family not supported by protocol
> Sep 19 05:44:54 toad cyrus/master[22860]: unable to open sieve/ipv6 
> socket: Address family not supported by protocol
> Sep 19 05:44:54 toad cyrus/master[22860]: unable to setsocketopt(IP_TOS) 
> service lmtpunix/unix: Operation not supported
> -----------------------------
> 
> We're not using ipv6 -- is there any way to let cyrus know so that it 
> doesn't freak out?
> 
> 
> Second, where is this coming from?
> 
>    Sep 19 05:44:54 toad cyrus/master[22860]: setrlimit: Unable to set 
> file descriptors limit to -1: Operation not permitted
> 
> 
> Finally, should I worry about this?
> 
>    setsocketopt(IP_TOS) service lmtpunix/unix: Operation not supported
> 
> 
> Thanks.
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


More information about the Info-cyrus mailing list