# fleet
v
Folks, has anyone experienced orbit service causing problems with reaching the default limit for `/proc/sys/kernel/keys/maxkeys` and then all the not nice things which will follow this (Fedora 42)
```
$ wc -l /proc/keys
200 /proc/keys
$ sudo systemctl stop orbit.service
$ wc -l /proc/keys
8 /proc/keys
```
Looks like it started with the orbit update to 1.46.0
l
Hi @V Rozhniatovskyi! Is this only happening on Fedora 42?
(In 1.46.0 we've released some TPM-related work, but it should be disabled by default.)
v
as far as i can see yes, we don't have much variety when it comes to linux flavours
l
First time I hear about orbit using `/proc/keys`, what do you see listed?
v
well, i'll need to spin up my own test F42 machine, so far i'm just getting reports from other people who started experiencing problems in the last 24-48 hours, all linked to the moment of upgrading fleetd from 1.45.1 to 1.46.0
👍 1
👀 1
what kind of information will help you? i can try to get it
l
Worth running `SELECT * FROM kernel_keys;` (from Fleet UI) on these devices.
To understand what these keys are about.
v
so a bit more info, which might help
```
while : ; do printf '%s: wc -l /proc/keys: %s\n' "$(date -u -Is)" "$(wc -l /proc/keys)"; sleep 1 ; done

2025-08-20T13:37:01+00:00: wc -l /proc/keys: 95 /proc/keys
2025-08-20T13:37:02+00:00: wc -l /proc/keys: 96 /proc/keys
...
2025-08-20T13:37:17+00:00: wc -l /proc/keys: 96 /proc/keys
2025-08-20T13:37:18+00:00: wc -l /proc/keys: 97 /proc/keys
...
2025-08-20T13:37:34+00:00: wc -l /proc/keys: 97 /proc/keys
2025-08-20T13:37:35+00:00: wc -l /proc/keys: 98 /proc/keys
...
2025-08-20T13:37:50+00:00: wc -l /proc/keys: 98 /proc/keys
2025-08-20T13:37:51+00:00: wc -l /proc/keys: 99 /proc/keys
...
2025-08-20T13:38:06+00:00: wc -l /proc/keys: 99 /proc/keys
2025-08-20T13:38:07+00:00: wc -l /proc/keys: 100 /proc/keys
...
```
each increment perfectly aligns with the following logs (example)
```
Aug 20 13:38:06 hostname orbit[3767336]: 2025-08-20T09:38:06-04:00 INF killing any pre-existing fleet-desktop instances
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF attempting to get user session type and display id=1000 user=xxxx
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF running runuser display=wayland-0 id=1000 path=/opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop session_type=wayland user=xx>
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF running command cmd="/usr/sbin/runuser -l xxxx -c runcon \"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\" env WAYLAND_DISPLAY=wa>
Aug 20 13:38:07 hostname orbit[3777934]: runcon: 'env': Permission denied
```
selinux problem?
l
Ah, likely related to this change. Though I'm not sure what keys have to do with it... We'll need to dig.
ty 1
@Scott Gress cc
We've created #32112 to track this issue.
ty 1
s
@V Rozhniatovskyi thanks for the helpful logs. Were your hosts launching the desktop app successfully in previous releases?
v
yes, we never had problems, and even with all these errors hosts are still reachable... i mean until the service is manually stopped, as people are experiencing problems with other stuff and just switching fleet off 😅
s
Ok, just to be clear I specifically mean the desktop app icon in the system tray that you can click on to open the "My Device" page in a browser
v
as far as i remember on linux it required some extra steps but yes it did work, with some issues when it comes to actually using it, and we also had some hosts which just opted out of the desktop app on linux...
i probably need to find some hosts which have the package without `--fleet-desktop` and see if the problem exists there
👍 1
s
Can you say anything about your selinux setup (i.e. is it fairly strict)? I can see how some policies might cause permissions issues when trying to run `env` in a different context, I'm just trying to gauge how pervasive this issue might be. We haven't had any other reports of this yet but that doesn't mean it's not happening elsewhere.
v
Nothing special really, just default which comes with fedora
👍 1