Comment 5 for bug 1578080

Martin Pitt (pitti) wrote :

This was discussed upstream last November: https://lists.freedesktop.org/archives/systemd-devel/2015-November/035006.html

And then enabled by default in 228 in https://github.com/systemd/systemd/commit/9ded9cd14.

So in retrospect, having a default limit there was not such a good idea after all: 512 is way too much for most "simple" services, and it's way too little for others such as the ones mentioned above. There is also no particular rationale about "512", so even if we'd bump it to 1024 we'd just make the limit even less useful while still breaking software.

So I think we should disable the default limit at least for Xenial in an SRU, but probably also in devel. It is both much safer and also much more effective in terms of guarding against berserk programs/bugs/unintended fork bombs etc. to set limits in units individually. Once someone looks at one, this is then a great time to also flip on the other resource and privilege limitations that systemd offers, such as CapabilityBoundingSet=, SecureBits=, PrivateDevices=, PrivateNetwork=, ProtectSystem=, ProtectHome=, etc.
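
One way to see which units still lack a per-unit limit and the hardening options listed in the comment above, as an added example that is not part of the bug comment or of systemd itself: a small audit over the text of a single unit file. `TasksMax=` is systemd's per-unit task-limit directive (the comment does not name it); the sample unit and the function names are constructed for illustration.

```python
# Directives named in the comment, plus TasksMax= (systemd's per-unit task
# limit; the comment does not spell out the directive name).
CHECKED = ("TasksMax", "CapabilityBoundingSet", "SecureBits", "PrivateDevices",
           "PrivateNetwork", "ProtectSystem", "ProtectHome")

# Constructed sample unit, not taken from the bug report.
SAMPLE_UNIT = """\
[Unit]
Description=Example worker (constructed)

[Service]
ExecStart=/usr/bin/example-worker \\
    --threads 8
# Limit sized for this service rather than inherited from a global default
TasksMax=64
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
"""

def service_settings(unit_text):
    """Return the [Service] key/value pairs of a unit file (last assignment wins)."""
    settings, section, pending = {}, None, ""
    for raw in unit_text.splitlines():
        raw = raw.strip()
        if raw.startswith(("#", ";")):          # comment line
            continue
        line, pending = pending + raw, ""
        if line.endswith("\\"):                 # backslash continues the line
            pending = line[:-1] + " "
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(unit_text):
    """List the checked directives that the unit does not set at all."""
    settings = service_settings(unit_text)
    return [name for name in CHECKED if name not in settings]

if __name__ == "__main__":
    print("TasksMax:", service_settings(SAMPLE_UNIT).get("TasksMax"))
    print("not set:", ", ".join(audit(SAMPLE_UNIT)))
```

An empty assignment such as `CapabilityBoundingSet=` counts as set, because an empty bounding set is itself a restriction; drop-in files are not merged by this sketch.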