kernel - Add per-user file descriptor limit
* Add kern.maxfilesperuser and kern.minfilesperproc to complement the
kern.maxfilesperproc which already exists. Print a warning on the
console if a user hits the limit (rate limited).
* Track per-user files via the uidinfo structure. Each file pointer counts
as one file. dup()'d and fork()'d file descriptors do not count.
* Adjust the default user limits to approximately 1/4 the system maximums
instead of 9/10 the system maximums. This reduces the maximum descriptors
per process and the maximum processes per uid. They can be raised again
via sysctl.
* Set minfilesperproc to 8 by default. This is a safety which guarantees
that a process can always have at least that many open descriptors
without tripping over kern.maxfilesperuser.
Reported-by: swildner