Am 15.02.2013 11:48, schrieb Jan-Frode Myklebust:
> On Thu, Feb 14, 2013 at 07:18:49PM +0100, Reindl Harald wrote:
>>
>>
>>>>> CapabilityBoundingSet=~CAP_SYS_PTRACE
>>>
>>> CONFIG proxy.config.stack_dump_enabled 0
>>>
>> FYI: "CONFIG proxy.config.stack_dump_enabled 0" resolves the
>> instability in context of "CapabilityBoundingSet=~CAP_SYS_PTRACE"
> 
> Are you saying that changing either of these fixed your crashes ? If so,
> great to know so that I don't push this into the EPEL/Fedora packages!

CONFIG proxy.config.stack_dump_enabled 0
and all is fine

> I should probably do the PrivateTmp and a list of InaccessibleDirectories

be careful with "InaccessibleDirectories"

currently if they not existing the service won't start
there is a discussion on the systemd-list and Lennart
seems to be interested to support the minus sign as
for commandos to ignore the directory in such cases

> Not quite sure about OOMScoreAdjust and the limits.. I haven't needed
> setting any limits myself, and don't really care too much if the
> OOM-killer kills my ATS (as this will lead to IP-address failover and
> recovery in my config)

well, i simply took this from my mysld.service on a dbmail
machine where if some client / imap-process runs crazy the
lastz you want to see is mysqld killed and since i use
a dedicated virtual machine with only trafficserver it
can't hurt