File user@.service.d-limits.conf of Package pipewire
[Service]
TimeoutStopSec=20s
NoNewPrivileges=false
# https://unix.stackexchange.com/questions/589175/how-to-change-linux-scheduling-policy-for-user-systemd-file
# not having this monstrosity leads to sudo & su going nuts in all kind of ways under KDE/plasma for some inexplicable reason
CapabilityBoundingSet=~
CapabilityBoundingSet=CAP_SYS_NICE CAP_SYS_PTRACE CAP_SYS_RESOURCE CAP_SYS_CHROOT CAP_SYS_PACCT CAP_SYS_RAWIO CAP_IPC_LOCK CAP_IPC_OWNER CAP_PERFMON CAP_SYS_TIME CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=CAP_SETFCAP CAP_SETPCAP CAP_SETUID CAP_SETGID CAP_PERFMON
CapabilityBoundingSet=CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYS_ADMIN CAP_NET_ADMIN CAP_NET_RAW CAP_BPF CAP_SYSLOG
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_LEASE CAP_LINUX_IMMUTABLE
AmbientCapabilities=~
AmbientCapabilities=CAP_SYS_NICE CAP_SYS_PTRACE CAP_SYS_RESOURCE CAP_SYS_CHROOT CAP_SYS_PACCT CAP_SYS_RAWIO CAP_IPC_LOCK CAP_IPC_OWNER CAP_PERFMON CAP_SYS_TIME CAP_SYS_TTY_CONFIG
AmbientCapabilities=CAP_SETFCAP CAP_SETPCAP CAP_SETUID CAP_SETGID CAP_PERFMON
AmbientCapabilities=CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYS_ADMIN CAP_NET_ADMIN CAP_NET_RAW CAP_BPF CAP_SYSLOG
AmbientCapabilities=CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_LEASE CAP_LINUX_IMMUTABLE
# https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1840#note_1193304
#Environment=GLIBC_TUNABLES=glibc.malloc.mmap_threshold=131072
MemoryMax=infinity
# apps should use well below 1G, so 3-4G must be safe. but stupid apps may become inoperable with any limit
LimitMEMLOCK=infinity
LimitAS=infinity
LimitNOFILE=infinity
LimitMSGQUEUE=infinity
LimitSIGPENDING=infinity
LimitNPROC=16384
LimitNICE=-19
LimitRTPRIO=45:50
# https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1118
LimitRTTIME=infinity
RestrictRealtime=false
# these will only apply to the main thread
Nice=-5
#CPUSchedulingPolicy=fifo
#CPUSchedulingPriority=5
#CPUSchedulingResetOnFork=false
# 1/3 for high realtime or 2/0 for highest "best effort"
# systemd still just craps itself instead of setting realtime priority before dropping root privileges
# 'CapabilityBoundingSet/AmbientCapabilities=CAP_SYS_NICE' is needed to unlock that, see `man systemd.exec`
IOSchedulingClass=2
IOSchedulingPriority=1
OOMScoreAdjust=-900
TimerSlackNSec=332