!239 [sync] PR-236: Set DefaultTasksMax to 80% and allow more inodes in /dev and /tmp

From: @openeuler-sync-bot 
Reviewed-by: @overweight 
Signed-off-by: @overweight

0019-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch

@@ -0,0 +1,50 @@
+From bb46b12cbb84411e378cd45f2ac320a9ce53551c Mon Sep 17 00:00:00 2001
+From: openEuler Buildteam <buildteam@openeuler.org>
+Date: Tue, 10 Mar 2020 21:01:43 +0800
+Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value
+
+---
+ man/systemd-system.conf.xml          | 2 +-
+ src/core/system.conf.in              | 2 +-
+ units/user-.slice.d/10-defaults.conf | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index e403fa5..afd51ed 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -360,7 +360,7 @@
+         <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+         <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+         for details. This setting applies to all unit types that support resource control settings, with the exception
+-        of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
++        of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+         and root cgroup <varname>pids.max</varname>.
+         Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
+         For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 8112125..9e75b14 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -51,7 +51,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=80%
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
+diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf
+index c81a00e..3b14c35 100644
+--- a/units/user-.slice.d/10-defaults.conf
++++ b/units/user-.slice.d/10-defaults.conf
+@@ -14,4 +14,4 @@ After=systemd-user-sessions.service
+ StopWhenUnneeded=yes
+ 
+ [Slice]
+-TasksMax=33%
++TasksMax=80%
+-- 
+1.8.3.1
+

backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch

@@ -0,0 +1,30 @@
+From e98d0662ffbffe2c60492be6b4f5d579038d3282 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 9 Dec 2021 10:09:17 +0100
+Subject: [PATCH 1/2] Bump the max number of inodes for /dev to a million
+
+4c733d3046942984c5f73b40c3af39cc218c103f shows that 95k can be used easily on a large
+system. Let's bump it up even more so that we have some "breathing room".
+---
+ src/shared/mount-util.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
+index 3622170297..ce73aebd4b 100644
+--- a/src/shared/mount-util.h
++++ b/src/shared/mount-util.h
+@@ -11,9 +11,9 @@
+ #include "errno-util.h"
+ #include "macro.h"
+ 
+-/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using
++/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using
+  * large storage array systems as a baseline */
+-#define TMPFS_LIMITS_DEV             ",size=4m,nr_inodes=64k"
++#define TMPFS_LIMITS_DEV             ",size=4m,nr_inodes=1m"
+ 
+ /* Very little, if any use expected */
+ #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k"
+-- 
+2.27.0
+

backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch

@@ -0,0 +1,28 @@
+From cac372a80177fb622806270eb0d810e4c6ad0c84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 9 Dec 2021 10:20:46 +0100
+Subject: [PATCH 2/2] Bump the max number of inodes for /tmp to a million too
+
+Fixes #21626. (The bug report talks about /run, but the issue is actually with
+/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking
+packages, and 400k is not much. Let's raise is a bit.
+---
+ units/tmp.mount | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/tmp.mount b/units/tmp.mount
+index 516bd1621c..4e1bb8de24 100644
+--- a/units/tmp.mount
++++ b/units/tmp.mount
+@@ -22,7 +22,7 @@ After=swap.target
+ What=tmpfs
+ Where=/tmp
+ Type=tmpfs
+-Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k
++Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
+ 
+ # Make 'systemctl enable tmp.mount' work:
+ [Install]
+-- 
+2.27.0
+

backport-unit-escape.patch

@@ -0,0 +1,26 @@
+From 6e4d122ad1db11ca898de183f898f731c4839d4a Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 23 Feb 2022 01:29:42 +0900
+Subject: [PATCH] unit: escape %
+
+Fixes #22601.
+---
+ units/tmp.mount | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/tmp.mount b/units/tmp.mount
+index 4e1bb8de24..734acea237 100644
+--- a/units/tmp.mount
++++ b/units/tmp.mount
+@@ -22,7 +22,7 @@ After=swap.target
+ What=tmpfs
+ Where=/tmp
+ Type=tmpfs
+-Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
++Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m
+ 
+ # Make 'systemctl enable tmp.mount' work:
+ [Install]
+-- 
+2.27.0
+

systemd.spec

@@ -20,7 +20,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        249
-Release:        12
+Release:        14
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -63,7 +63,8 @@ Patch0014:      0014-journal-don-t-enable-systemd-journald-audit.socket-b.patch
 Patch0015:      0015-systemd-change-time-log-level.patch
 Patch0016:      0016-fix-capsh-drop-but-ping-success.patch
 Patch0017:      0017-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
-patch0018:      0018-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch
+Patch0018:      0018-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch
+Patch0019:      0019-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
 
 #backport
 Patch6000:      backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch
@@ -79,8 +80,11 @@ Patch6009:      backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories
 Patch6010:      backport-fix-CVE-2021-33910.patch
 Patch6011:      backport-temporarily-disable-test-seccomp.patch
 Patch6012:      backport-revert-core-map-io.bfq.weight-to-1.1000.patch
-Patch6013:      backport-0001-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch
-Patch6014:      backport-0002-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch
+Patch6013:      backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch
+Patch6014:      backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch
+Patch6015:      backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch
+Patch6016:      backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch
+Patch6017:      backport-unit-escape.patch
 
 BuildRequires:  gcc, gcc-c++
 BuildRequires:  libcap-devel, libmount-devel, pam-devel, libselinux-devel
@@ -1482,6 +1486,12 @@ fi
 %{_libdir}/security/pam_systemd.so
 
 %changelog
+* Thu Mar 17 2022 xujing <xujing99@huawei.com> - 249-14
+- pid1 bump DefaultTasksMax to 80% of the kernel pid.max value
+
+* Thu Mar 17 2022 xujing <xujing99@huawei.com> - 249-13
+- allow more inodes in /dev an /tmp
+
 * Fri Mar 11 2022 yangmingtai <yangmingtai@huawei.com> - 249-12
 - disable some features