nixos/sysctl: dynamic inotify watches or higher defaults

[blaggacao]

Nowadays most applications require a good amount of inotify watches,
so raise our default to what other distros do. If kernel supports it
enable dynamic setting.

[nh2]

Great find, change looks sensible to me.

[blaggacao]

ping: this is supposed to be ready 🤷

[blaggacao]

@GrahamcOfBorg test bittorrent
@GrahamcOfBorg test boot.biosCdrom
@GrahamcOfBorg test boot.biosNetboot
@GrahamcOfBorg test boot.biosUsb
@GrahamcOfBorg test boot.uefiCdrom
@GrahamcOfBorg test boot.uefiNetboot
@GrahamcOfBorg test boot.uefiUsb
@GrahamcOfBorg test installer.bcache
@GrahamcOfBorg test installer.btrfsSimple
@GrahamcOfBorg test installer.btrfsSubvolDefault
@GrahamcOfBorg test installer.btrfsSubvols
@GrahamcOfBorg test installer.encryptedFSWithKeyfile
@GrahamcOfBorg test installer.grub1
@GrahamcOfBorg test installer.luksroot
@GrahamcOfBorg test installer.lvm
@GrahamcOfBorg test installer.separateBoot
@GrahamcOfBorg test installer.simple
@GrahamcOfBorg test installer.swraid
@GrahamcOfBorg test installer.fsroot

[blaggacao]

@alyssais Can we merge this? All feedback seems to be duly attended.

[fzakaria]

This change LGTM.

[fzakaria]

I think it's great.
Small nit would be making it a let variable or a re-usable variable for INT_MAX.
(Probably re-used elsewhere)

[fzakaria]

Can we make boot.kernel.INT_MAX a variable?

[blaggacao]

I guess, it would be more like in the stdenv, though or lib or even builtin. I can make a quick follow-up PR once this is merged.

[maralorn]

I don‘t understand the max_user_instances default.

I guess it makes sense for max_user_watches. The commit explains that the default value changes with 5.11 so we set that same value for everything below 5.11. Seems reasonable.

For max_user_instances we only change the default for everything above 5.12, if I understand kernelAtLeast correctly. Why is that?

It might be just right, but it looks like different cases. So describing them both with "Dynamic since X" confuses me. Can you maybe elaborate that?

[blaggacao]

Can you maybe elaborate that?

The upstream commit formulation is so intricate that I don't dare to give an approximate interpretation here inline.

torvalds/linux@ac7b79f

It reads:

With inotify instances charged to memcg [since 5.12], the admin can simply set max_user_instances to INT_MAX and let the memcg limits of the jobs limit their inotify instances.

---

everything above 5.12

... and including 5.12.

[maralorn]

Okay, do you know what harm it would do do raise that limit unconditionally?

And related: Back porting a new default is one thing, but are we sure it’s a good idea to override an existing default for current and future kernels?

---

Edit: For reference I routinely increase max_user_watches. I never needed to increase max_user_instances.

[blaggacao]

Thanks for the continued discussion!

Okay, do you know what harm it would do do raise that limit unconditionally?

I don't for sure, but I assume that it's an int value, so it cannot receive more than MAX_INT.

And related: Back porting a new default is one thing, but are we sure it’s a good idea to override an existing default for current and future kernels?

This was inspired by how it was argued in the related issue: #36214, seems to be a requirement for docker or rather: in general name-spacing. I innocently assume because of those namespaces actually count towards this maximum.

Since this is a maximum boundary and implemented as a default, it is in any case as close to a pareto-improvement as we can get (doesn't do harm to anybody, but good to many). The maximum is only hit, if you actually use it.

[maralorn]

Okay, do you know what harm it would do do raise that limit unconditionally?

I don't for sure, but I assume that it's an int value, so it cannot receive more than MAX_INT.

That’s not what I meant. I was wondering why we only do the override from 5.12 and newer.

But since then I think I understood it. I suggest adding a comment of the form:
From version 5.12 inotify watches count against a RAM resource limit, so it’s safe to increase this limit to the maximum
(If this is factually correct.)

And related: Back porting a new default is one thing, but are we sure it’s a good idea to override an existing default for current and future kernels?

This was inspired by how it was argued in the related issue: #36214, seems to be a requirement for docker or rather: in general name-spacing. I innocently assume because of those namespaces actually count towards this maximum.

Since this is a maximum boundary and implemented as a default, it is in any case as close to a pareto-improvement as we can get (doesn't do harm to anybody, but good to many). The maximum is only hit, if you actually use it.

Well the resulting harm would be if the user creates a resource exhaustion they don‘t want. So this wouldn‘t be a "pareto-improvement". The kernel has these limits for a reason. But if my phrasing above is correct, it’s fine to raise it.

[maralorn]

Suggested change

	# mainatainers (see commit) suggest to increase this limit to the maximum
	# maintainers (see commit) suggest to increase this limit to the maximum

[maralorn]

I think I am 100% in favor of the instances change. It does basically what the kernel devs recommend.

I am a little bit uncertain about the watches change. The kernel wants to establish a new, system dependent default here and this PR would raise the limit for older kernels higher then what new kernels would pick on most systems. I don‘t think this is likely to cause any problems, but maybe someone more confident can merge this.

[blaggacao]

Cleaning up my follow-up list. Please anyone feel free to pick this up.