Mark setting operating system limits from named.conf as ancient

After deprecating the operating system limits settings (coresize, datasize, files and stacksize), mark them as ancient and remove the code that sets the values from config.
2025-08-22 01:59:26 +00:00 · 2022-11-13 10:28:17 +01:00 · 2022-11-13 10:28:17 +01:00 · 0c62c0bdb7
commit 0c62c0bdb7
parent 0d3936646d
10 changed files with 7 additions and 143 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -50,16 +50,12 @@ options {\n\
 	answer-cookie true;\n\
 	automatic-interface-scan yes;\n\
 	bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
-#	blackhole {none;};\n"
-			    "	cookie-algorithm siphash24;\n"
-			    "	coresize default;\n\
-	datasize default;\n"
-			    "\
+#	blackhole {none;};\n\
+	cookie-algorithm siphash24;\n\
 #	directory <none>\n\
 	dnssec-policy \"none\";\n\
 	dump-file \"named_dump.db\";\n\
-	edns-udp-size 1232;\n\
-	files unlimited;\n"
+	edns-udp-size 1232;\n"
 #if defined(HAVE_GEOIP2)
 			    "\
 	geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n"
@ -115,7 +111,6 @@ options {\n\
 	session-keyalg hmac-sha256;\n\
 #	session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\
 	session-keyname local-ddns;\n\
-	stacksize default;\n\
 	startup-notify-rate 20;\n\
 	statistics-file \"named.stats\";\n\
 	tcp-advertised-timeout 300;\n\
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@ -109,9 +109,6 @@ EXTERN cfg_aclconfctx_t *named_g_aclconfctx INIT(NULL);
 /*
 * Initial resource limits.
 */
-EXTERN isc_resourcevalue_t named_g_initstacksize INIT(0);
-EXTERN isc_resourcevalue_t named_g_initdatasize	 INIT(0);
-EXTERN isc_resourcevalue_t named_g_initcoresize	 INIT(0);
 EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0);

 /*
--- a/bin/named/main.c
+++ b/bin/named/main.c
@ -1219,15 +1219,6 @@ setup(void) {
 	/*
 	 * Get the initial resource limits.
 	 */
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_stacksize,
-					    &named_g_initstacksize) ==
-		      ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_datasize,
-					    &named_g_initdatasize) ==
-		      ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_coresize,
-					    &named_g_initcoresize) ==
-		      ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles,
 					    &named_g_initopenfiles) ==
 		      ISC_R_SUCCESS);
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -52,7 +52,6 @@
 #include <isc/portset.h>
 #include <isc/print.h>
 #include <isc/refcount.h>
-#include <isc/resource.h>
 #include <isc/result.h>
 #include <isc/signal.h>
 #include <isc/siphash.h>
@ -7438,51 +7437,6 @@ setoptstring(named_server_t *server, char **field, const cfg_obj_t *obj) {
 	}
 }

-static void
-set_limit(const cfg_obj_t **maps, const char *configname,
-	  const char *description, isc_resource_t resourceid,
-	  isc_resourcevalue_t defaultvalue) {
-	const cfg_obj_t *obj = NULL;
-	const char *resource;
-	isc_resourcevalue_t value;
-	isc_result_t result;
-
-	if (named_config_get(maps, configname, &obj) != ISC_R_SUCCESS) {
-		return;
-	}
-
-	if (cfg_obj_isstring(obj)) {
-		resource = cfg_obj_asstring(obj);
-		if (strcasecmp(resource, "unlimited") == 0) {
-			value = ISC_RESOURCE_UNLIMITED;
-		} else {
-			INSIST(strcasecmp(resource, "default") == 0);
-			value = defaultvalue;
-		}
-	} else {
-		value = cfg_obj_asuint64(obj);
-	}
-
-	result = isc_resource_setlimit(resourceid, value);
-	isc_log_write(
-		named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
-		result == ISC_R_SUCCESS ? ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
-		"set maximum %s to %" PRIu64 ": %s", description, value,
-		isc_result_totext(result));
-}
-
-#define SETLIMIT(cfgvar, resource, description)                       \
-	set_limit(maps, cfgvar, description, isc_resource_##resource, \
-		  named_g_init##resource)
-
-static void
-set_limits(const cfg_obj_t **maps) {
-	SETLIMIT("stacksize", stacksize, "stack size");
-	SETLIMIT("datasize", datasize, "data size");
-	SETLIMIT("coresize", coresize, "core size");
-	SETLIMIT("files", openfiles, "open files");
-}
-
 static void
 portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
 		 bool positive) {
@ -8575,11 +8529,6 @@ load_configuration(const char *filename, named_server_t *server,
 			      server->bindkeysfile);
 	}

-	/*
-	 * Set process limits, which (usually) needs to be done as root.
-	 */
-	set_limits(maps);
-
 	/*
 	 * Check the process lockfile.
 	 */
--- a/conftools/perllib/dnsconf/DNSConf.i
+++ b/conftools/perllib/dnsconf/DNSConf.i
@ -283,10 +283,6 @@ INT_FIELD_DEFS(recursiveclients)
 INT_FIELD_DEFS(minroots)
 INT_FIELD_DEFS(serialqueries)
 INT_FIELD_DEFS(sigvalidityinterval)
-INT_FIELD_DEFS(datasize)
-INT_FIELD_DEFS(stacksize)
-INT_FIELD_DEFS(coresize)
-INT_FIELD_DEFS(files)
 INT_FIELD_DEFS(maxcachesize)
 INT_FIELD_DEFS(maxncachettl)
 INT_FIELD_DEFS(maxcachettl)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -3626,58 +3626,6 @@ options apply to zone transfers.
   This option acts like :any:`notify-source`, but applies to ``NOTIFY`` messages sent to IPv6
   addresses.

-.. _resource_limits:
-
-Operating System Resource Limits
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The server's usage of many system resources can be limited. Scaled
-values are allowed when specifying resource limits. For example, ``1G``
-can be used instead of ``1073741824`` to specify a limit of one
-gigabyte. ``unlimited`` requests unlimited use, or the maximum available
-amount. ``default`` uses the limit that was in force when the server was
-started. See the description of :term:`size`.
-
-The following options are deprecated in favor of setting the operating system
-resource limits from the operating system and/or process supervisor, should not
-be used, and will be rendered non-operational in a future release.
-
-
-.. namedconf:statement:: coresize
-   :tags: deprecated
-   :short: Sets the maximum size of a core dump.
-
-   This sets the maximum size of a core dump. The default is ``default``.
-
-.. namedconf:statement:: datasize
-   :tags: deprecated
-   :short: Sets the maximum amount of data memory that can be used by the server.
-
-   This sets the maximum amount of data memory the server may use. The default is
-   ``default``. This is a hard limit on server memory usage; if the
-   server attempts to allocate memory in excess of this limit, the
-   allocation will fail, which may in turn leave the server unable to
-   perform DNS service. Therefore, this option is rarely useful as a way
-   to limit the amount of memory used by the server, but it can be
-   used to raise an operating system data size limit that is too small
-   by default. To limit the amount of memory used by the
-   server, use the :any:`max-cache-size` and :any:`recursive-clients` options
-   instead.
-
-.. namedconf:statement:: files
-   :tags: deprecated
-   :short: Sets the maximum number of files the server may have open concurrently.
-
-   This sets the maximum number of files the server may have open concurrently.
-   The default is ``unlimited``.
-
-.. namedconf:statement:: stacksize
-   :tags: deprecated
-   :short: Sets the maximum amount of stack memory that can be used by the server.
-
-   This sets the maximum amount of stack memory the server may use. The default is
-   ``default``.
-
 .. _server_resource_limits:

 Server Resource Limits
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@ -152,8 +152,6 @@ options {
 	clients\-per\-query <integer>;
 	cookie\-algorithm ( aes | siphash24 );
 	cookie\-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> ); // deprecated
-	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
 	deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
 	dialup ( notify | notify\-passive | passive | refresh | <boolean> );
@ -196,7 +194,6 @@ options {
 	fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches\-per\-server <integer> [ ( drop | fail ) ];
 	fetches\-per\-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> ); // deprecated
 	flush\-zones\-on\-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@ -331,7 +328,6 @@ options {
 	sig\-signing\-type <integer>;
 	sig\-validity\-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale\-answer\-client\-timeout ( disabled | off | <integer> );
 	stale\-answer\-enable <boolean>;
 	stale\-answer\-ttl <duration>;
--- a/doc/misc/options
+++ b/doc/misc/options
@ -95,8 +95,6 @@ options {
 	clients-per-query <integer>;
 	cookie-algorithm ( aes | siphash24 );
 	cookie-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> ); // deprecated
-	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
 	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
 	dialup ( notify | notify-passive | passive | refresh | <boolean> );
@ -139,7 +137,6 @@ options {
 	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches-per-server <integer> [ ( drop | fail ) ];
 	fetches-per-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> ); // deprecated
 	flush-zones-on-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@ -274,7 +271,6 @@ options {
 	sig-signing-type <integer>;
 	sig-validity-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale-answer-client-timeout ( disabled | off | <integer> );
 	stale-answer-enable <boolean>;
 	stale-answer-ttl <duration>;
--- a/fuzz/isc_lex_gettoken.in/named.conf
+++ b/fuzz/isc_lex_gettoken.in/named.conf
@ -165,11 +165,7 @@ options {
 #maintain - ixfr - base no; // If yes, keep transaction log file for IXFR

 	max - ixfr - log - size 20m;
-	coresize 100;
-	datasize 101;
-	files 230;
 	max - cache - size 1m;
-	stacksize 231;
 	heartbeat - interval 1001;
 	interface - interval 1002;
 	statistics - interval 1003;
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@ -1219,8 +1219,8 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "blackhole", &cfg_type_bracketed_aml, 0 },
 	{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
 	{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
-	{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
-	{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
+	{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
 #ifdef HAVE_DNSTAP
@ -1237,7 +1237,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "dscp", &cfg_type_uint32, 0 },
 	{ "dump-file", &cfg_type_qstring, 0 },
 	{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
 #ifdef HAVE_DNSTAP
 	{ "fstrm-set-buffer-hint", &cfg_type_uint32, 0 },
@ -1319,7 +1319,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "session-keyfile", &cfg_type_qstringornone, 0 },
 	{ "session-keyname", &cfg_type_astring, 0 },
 	{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "startup-notify-rate", &cfg_type_uint32, 0 },
 	{ "statistics-file", &cfg_type_qstring, 0 },
 	{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },