Journalctl messages

Hi,
I have been reviewing journalctl logs albeit rather late after a number of tumbleweed’s ‘zypper dup’. I hadn’t really bothered as my PC seems 100% operational. But I’m curious as to what some messages mean and their potential detriment. I’m focusing on 3 messages here in case they are related to each other.

I can tell you that it wasn’t until around February this year that I noticed these messages after a ‘zypper dup’. Logs from last year didn’t have these.

Here my concern is the “SGX disabled by BIOS” and the “ACPI BIOS Error” messages. I have not upgraded the PC’s BIOS in over 18 months.

chris@asus-roc:~> sudo journalctl -xeb 0 --priority warning 
[sudo] password for root: 
Journal file /var/log/journal/514041a033454edc8c63fae67c0830e1/user-1000@0005d55b74123179-8c57b74c34c34d0c.journal~ is truncated, ignoring file.
Jul 06 07:45:21 asus-roc kernel: x86/cpu: SGX disabled by BIOS.
Jul 06 07:45:21 asus-roc kernel: MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
Jul 06 07:45:21 asus-roc kernel:   #7  #8  #9 #10 #11
Jul 06 07:45:21 asus-roc kernel: ENERGY_PERF_BIAS: Set to 'normal', was 'performance'
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR01._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR02._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR03._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR04._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR05._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR06._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR07._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR08._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)
Jul 06 07:45:21 asus-roc kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_PR.PR00._CPC], AE_NOT_FOUND (20211217/psargs-330)
Jul 06 07:45:21 asus-roc kernel: ACPI Error: Aborting method \_PR.PR09._CPC due to previous error (AE_NOT_FOUND) (20211217/psparse-529)

My other area of concern is that the journal is being regularly flooded with these apparent firewall messages. No idea when these started. Is it fatal? Can I stop them?

Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.251 LEN=234 TOS=0x00 PREC=0x00 TTL=255 ID=32 DF PROTO=UDP SPT=5353 DPT=5353 LEN=>
Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.252 LEN=54 TOS=0x00 PREC=0x00 TTL=255 ID=30800 PROTO=UDP SPT=5355 DPT=5355 LEN=3>
Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.251 LEN=234 TOS=0x00 PREC=0x00 TTL=255 ID=83 DF PROTO=UDP SPT=5353 DPT=5353 LEN=>
Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.252 LEN=54 TOS=0x00 PREC=0x00 TTL=255 ID=30827 PROTO=UDP SPT=5355 DPT=5355 LEN=3>
Jul 06 07:45:38 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.251 LEN=216 TOS=0x00 PREC=0x00 TTL=255 ID=90 DF PROTO=UDP SPT=5353 DPT=5353 LEN=>

And this -

Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.
Jul 06 07:45:43 asus-roc.lan rtkit-daemon[1590]: Warning: Reached burst limit for user 'chris', denying request.


Thanks for any feedback.
Chris.

Possibly a Firewall daemon issue – please raise a Bug Report against the Firewall daemon version currently being used by Tumbleweed – same login as the one you use to log in to this Forum.

For the SGX (Software Guard eXtensions) issue, please take a look at this Linux Kernel documentation – <https://www.kernel.org/doc/html/latest/x86/sgx.html>.

  • If possible, please enable the SGX support in your Mainboard’s UEFI/BIOS.

For the MDS CPU bug issue, please take a look at the Kernel documentation mentioned in the systemd Journal – <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html>.

Possibly this RTKit limitation – <https://github.com/ValveSoftware/Proton/issues/4662>.

The only solution to overcome the RTKit limitation and have working thread priorities is to change the system RLIMIT_NICE value in /etc/security/limits.conf, to allow any process to manipulate niceness with setpriority directly. This is usually not allowed by default to prevent rogue processes, or unprivileged users in a shared system environment, from overloading the system.

Hi, apologies for not replying sooner as I overlooked your reply.

In regards to the SGX issue - my UEFI/BIOS only has options to “Disabled” or “Software Controlled” - there’s no option to “Enable”. I read that kernel documentation and ran

chris@asus-roc:~>$ sudo grep sgx /proc/cpuinfo 
chris@asus-roc:~>$ 

which returned nothing so I infer my CPU does not support SGX.

This in itself is odd as I just checked a journal from 12 months ago and the SGX error never showed up. Maybe older editions of tumbleweed failed to report it?

In regards to the MDS issue, adding ‘mds=full,nosmt’ to kernel parameters removed the journal warnings.

As a bonus, a recent update of tumbleweed also eliminated the ACPI error bug so I’m assuming it was a kernel issue.

Regards…

Well this is odd (again). My tumbleweed is now missing /etc/security/limits.conf. I had one setup for audio/jack audio setup. Will put a new conf file under /etc/security/limits.d/jack.conf and see what happens over time.

I had a revisit of this. I have 2 other tumbleweed machines - one laptop and one KVM/QEMU - and they do not REJECT packets when the router does its multicast thing.

I turned off firewalld.service temporarily on my main PC and these REJECT messages stopped - turn the firewall back on and the REJECT continues. So something is wrong with the public zone??? I ran

chris@asus-roc:~>$ sudo firewall-cmd --permanent --zone=public --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6 dhcpv6-client mdns ssh tigervnc tigervnc-https
  ports: 25/tcp
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
chris@asus-roc:~>$ 


Nothing ‘looks’ wrong. Still reading up on firewalld but if anyone can tell me where this REJECT rule for multicast is I’d appreciate it.


 > rpm --query --whatprovides /etc/security/limits.conf
pam-1.3.0-150000.6.58.3.x86_64
 > 

Please, forcibly re-install the “pam” package.

  • It seems that you’ll also have to execute the following commands:
 # zypper verify
 # rpm --verify --all

Please, check the “rpm” output for missing files – use the rpm “--query --whatprovides” command to work out which packages have to be forcibly re-installed to resurrect the missing files.

AFAICS, the default Firewalld settings for the “Public” zone are:


 # firewall-cmd --zone=public --list-all --permanent 
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
 # 

On your machines, the “Public” zone has additionally been restricted to Port 25 and TCP only.

  • In addition, some additional services have been allowed: “dhcpv6 mdns tigervnc tigervnc-https” …

Weirder and weirder.

My Tumbleweed does not have a ‘/etc/security/limits.conf’ file -

asus-roc:~ # rpm --query --whatprovides /etc/security/limits.conf
error: file /etc/security/limits.conf: No such file or directory

But it does have a ‘/usr/etc/security/limits.conf’ provided by pam

chris@asus-roc:~>$ rpm --query --whatprovides /usr/etc/security/limits.conf
pam-1.5.2-7.1.x86_64

I re-installed ‘pam’ - no change.

Also

asus-roc:~ # zypper verify 
Loading repository data...
Reading installed packages...
Dependencies of all installed packages are satisfied.

and

asus-roc:~ # rpm --verify --all
.M.......  g /run/cryptsetup
.....U...    /var/lib/mlocate
.....UG..  g /var/lib/mlocate/mlocate.db
.M.......  g /usr/share/libalternatives/f2py
.M.......  g /usr/share/libalternatives/f2py/1310.conf
.M.......  g /etc/aliases.lmdb
S.5....T.  c /etc/postfix/main.cf
S.5....T.  c /etc/postfix/master.cf
....L....  d /usr/share/man/man1/ftp.1.gz
SM5....T.  c /etc/fonts/conf.d/30-metric-aliases.conf
.M.......  c /etc/vnc/tls.key
S.5....T.  c /etc/auto.master
SM5....T.  c /etc/libvirt/nwfilter/allow-arp.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-dhcp-server.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-dhcp.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-dhcpv6-server.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-dhcpv6.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-incoming-ipv6.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-ipv4.xml
SM5....T.  c /etc/libvirt/nwfilter/allow-ipv6.xml
SM5....T.  c /etc/libvirt/nwfilter/clean-traffic-gateway.xml
SM5....T.  c /etc/libvirt/nwfilter/clean-traffic.xml
SM5....T.  c /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-arp-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-ip-multicast.xml
SM5....T.  c /etc/libvirt/nwfilter/no-ip-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-ipv6-multicast.xml
SM5....T.  c /etc/libvirt/nwfilter/no-ipv6-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-mac-broadcast.xml
SM5....T.  c /etc/libvirt/nwfilter/no-mac-spoofing.xml
SM5....T.  c /etc/libvirt/nwfilter/no-other-l2-traffic.xml
SM5....T.  c /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
SM5....T.  c /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
SM5....T.  c /etc/libvirt/nwfilter/qemu-announce-self.xml
.M.......  g /etc/iscsi/initiatorname.iscsi
S.5....T.  c /etc/systemd/journald.conf
S.5....T.  c /etc/systemd/timesyncd.conf
.M.......  g /usr/share/libalternatives/chardetect
.M.......  g /usr/share/libalternatives/chardetect/1310.conf
S.5....T.  c /usr/lib/modprobe.d/50-nvidia-default.conf
.M.......  c /var/log/NetworkManager
.......T.    /usr/lib64/xorg/modules/drivers/nvidia_drv.so
.M.......  d /usr/share/info/dir
.M.......  g /etc/xml/catalog-d.xml
S.5....T.  c /etc/sysctl.conf
.M....G..  g /var/log/lastlog
S.5....T.  c /etc/cups/cups-files.conf
S.5....T.  c /etc/cups/cupsd.conf
......G..    /etc/cups/ssl
.M....G..  g /etc/brlapi.key
S.5....T.  c /etc/fonts/conf.d/10-rendering-options.conf
S.5....T.  c /etc/fonts/conf.d/58-family-prefer-local.conf
......G..  g /run/radvd
S.5....T.  c /etc/chrony.conf
.M.......  g /var/lib/chrony/drift
.M.......  g /etc/plymouth/plymouthd.conf
.M.......  g /var/lib/plymouth/boot-duration
.M.......  g /var/log/boot.log
.M.......  g /usr/share/libalternatives/chardetect
.M.......  g /usr/share/libalternatives/chardetect/38.conf
.M.......  g /usr/share/fonts/Type1/encodings.dir
.M.......  g /usr/share/fonts/cyrillic/encodings.dir
.M.......  g /usr/share/fonts/cyrillic/fonts.scale
.M.......  g /usr/share/fonts/truetype/encodings.dir
.M.......  g /run/mcelog
.M.......  g /usr/share/fonts/misc/encodings.dir
.M.......  g /usr/share/fonts/misc/fonts.scale
/etc/cron.d/: no configuration entry in active permission profiles found. Cannot check this path.
/etc/cron.daily/: no configuration entry in active permission profiles found. Cannot check this path.
/etc/cron.hourly/: no configuration entry in active permission profiles found. Cannot check this path.
/etc/cron.monthly/: no configuration entry in active permission profiles found. Cannot check this path.
/etc/cron.weekly/: no configuration entry in active permission profiles found. Cannot check this path.
.M.......  g /run/netns
.M...UG..  g /run/vncmanager
.M.......  g /usr/share/libalternatives/pip
.M.......  g /usr/share/libalternatives/pip/1310.conf
.M.......  g /usr/share/libalternatives/pip3
.M.......  g /usr/share/libalternatives/pip3/1310.conf
.M.......  g /run/media
.M.......  g /run/avahi-daemon
.M.......  g /var/cache/PackageKit
.M.......  g /run/netconfig
.M.......  g /run/netconfig/resolv.conf
.M.......  g /run/netconfig/yp.conf
S.5....T.  c /etc/default/grub
S.5....T.  c /etc/pulse/default.pa
.M.......  g /var/lib/pulseaudio
S.5....T.  c /etc/firewalld/firewalld.conf
.M.......  g /var/log/alternatives.log
.M.......  g /run/certmonger
.M.......  g /usr/share/libalternatives/f2py
.M.......  g /usr/share/libalternatives/f2py/38.conf
.M.......    /usr/bin/readcd
S.5....T.  c /var/lib/unbound/root.key
missing     /usr/bin/llvm-exegesis
missing   d /usr/share/man/man1/llvm-exegesis.1.gz
.M.......  g /usr/share/libalternatives/pybabel
.M.......  g /usr/share/libalternatives/pybabel/38.conf
.M.......  g /usr/share/libalternatives/pip
.M.......  g /usr/share/libalternatives/pip/38.conf
.M.......  g /usr/share/libalternatives/pip3
.M.......  g /usr/share/libalternatives/pip3/38.conf
.M.......  g /var/lib/nfs/state
.M.......  g /etc/mpv/scripts
.....UG..  g /run/lightdm
.M.......  g /run/tmux
.M...UG..  g /run/redis
.M.......  g /usr/share/fonts/100dpi/encodings.dir
.M.......  g /usr/share/fonts/100dpi/fonts.scale
.M.......  g /usr/share/fonts/75dpi/encodings.dir
.M.......  g /usr/share/fonts/75dpi/fonts.scale
asus-roc:~ # 

In my old notes for settings in openSUSE Leap 15, I had ‘/etc/security/limits.conf’. Does Tumbleweed do things differently???

Yes, I added those additional services and port 25 for other tests.

So is there a file that I can check to see if there is a REJECT rule for the multicast messages from my router??
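An added example, not part of any post in this thread: a small triage of `rpm --verify` output that decodes the nine test columns and the attribute marker, then separates packaged files whose content, ownership or mode differs (or that are missing) from edited config files and from ghost, doc and mtime-only entries. The sample lines are copied from the output above; the bucket names and the choice of which flags count as worth review are assumptions of this example.

```python
import re

# Meaning of the nine test columns and of the attribute marker in `rpm --verify` output.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
ATTRS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}
LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+"
                  r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/\S.*)$")
# Assumption of this example: these failures on a plain packaged file deserve a look.
SERIOUS = {"missing", "digest", "mode", "user", "group", "capabilities", "symlink"}

# Constructed sample: lines copied from the `rpm --verify --all` output in this thread.
SAMPLE = """\
S.5....T.  c /etc/firewalld/firewalld.conf
.M.......  g /run/cryptsetup
.......T.    /usr/lib64/xorg/modules/drivers/nvidia_drv.so
.M.......    /usr/bin/readcd
missing     /usr/bin/llvm-exegesis
missing   d /usr/share/man/man1/llvm-exegesis.1.gz
/etc/cron.d/: no configuration entry in active permission profiles found. Cannot check this path.
"""

def parse_verify(text):
    """Turn rpm --verify lines into dicts; lines in any other format are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # e.g. the permission-profile notices for /etc/cron.*
        flags = m["flags"]
        failed = ["missing"] if flags == "missing" else [FLAGS[c] for c in flags if c in FLAGS]
        findings.append({"path": m["path"],
                         "kind": ATTRS.get(m["attr"], "file"),
                         "failed": failed})
    return findings

def triage(findings):
    """Group paths: plain files with serious failures, edited configs, everything else."""
    buckets = {"review": [], "config-edited": [], "other": []}
    for f in findings:
        failed = set(f["failed"])
        if f["kind"] == "config" and "digest" in failed:
            buckets["config-edited"].append(f["path"])
        elif f["kind"] == "file" and failed & SERIOUS:
            buckets["review"].append(f["path"])
        else:
            buckets["other"].append(f["path"])  # ghost, doc, or mtime-only
    return buckets

if __name__ == "__main__":
    for bucket, paths in triage(parse_verify(SAMPLE)).items():
        print(f"{bucket}: {paths}")
```

On a live system the same functions can be fed the text of `rpm --verify --all`; the `config-edited` bucket is the list of locally changed configuration files to compare against what you remember editing.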

Please check the Tumbleweed man page for “limits.conf”.

  • The Leap 15.4 man page and the man pages on the network all indicate ‘etc/security/limits.conf’ …

Whatever, you should always put your changes in a *.conf file located in ‘/etc/security/limits.d/’ …

You may have to investigate the firewalld Rich Language:

Thanks again.

I did a bit of ‘research’ and found I could view the nftables with

nft list ruleset |less

I found this entry

chain filter_IN_public {
                jump filter_INPUT_POLICIES_pre
                jump filter_IN_public_pre
                jump filter_IN_public_log
                jump filter_IN_public_deny
                jump filter_IN_public_allow
                jump filter_IN_public_post
                jump filter_INPUT_POLICIES_post
                meta l4proto { icmp, ipv6-icmp } accept
                log prefix "filter_IN_public_REJECT: "
                reject with icmpx admin-prohibited
        }

        chain filter_IN_public_pre {
        }

        chain filter_IN_public_log {
        }

        chain filter_IN_public_deny {
        }

        chain filter_IN_public_allow {
                ip6 daddr fe80::/64 udp dport 546 ct state { new, untracked } accept
                tcp dport 22 ct state { new, untracked } accept
                udp dport 547 ct state { new, untracked } accept
                tcp dport 5901 ct state { new, untracked } accept
                tcp dport 5801 ct state { new, untracked } accept
        }


Note the ‘log prefix’ entry. I think the journald is logging a false positive. That ‘log prefix’ is not present on my other tumbleweed PCs nftables.

How that entry got there is unknown as this sort of stuff is beyond my current skill set. Maybe something got screwed up when I did an Online Upgrade from Leap 15.2 to Tumbleweed <https://en.opensuse.org/openSUSE:Tumbleweed_upgrade#Online_Upgrade>
I will research a bit more on editing nftables.

Thanks.

Well the man page for limits.conf says /etc/security/limits.conf. In practice pam package says /usr/etc/security/limits.conf.

├── etc
│   ├── environment
│   ├── pam.d
│   └── security
│       ├── access.conf
│       ├── limits.d
│       ├── namespace.conf
│       ├── namespace.d
│       ├── namespace.init
│       ├── pam_env.conf
│       ├── sepermit.conf
│       └── time.conf
└── usr
    ├── etc
    │   ├── pam.d
    │   └── security
    │       ├── faillock.conf
    │       ├── group.conf
    │       └── limits.conf


Ok, using /limits.d/ from now on.

Thanks.

Configuration files in /etc and /usr/etc

No it is not. There are no rules to allow either port 5353 or address 224.0.0.251 (nor does it list port 25 BTW). Your runtime nftables configuration does not match permanent firewalld configuration. Reboot to make sure to apply permanent configuration and check again.
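The comparison made in the reply above, as an added example that is not part of the original posts: it diffs the ports the permanent public zone should open against the ports the runtime `filter_IN_public_allow` chain actually accepts, then explains each rejected packet in the log. All three inputs are copied from this thread (log lines trimmed where the pager cut them); the service-to-port table is an assumption inferred from the nftables chain shown earlier.

```python
import re

# Constructed inputs, copied from this thread: the permanent zone listing,
# the runtime nftables allow chain, and two rejected-packet log lines.
PERMANENT = """\
  services: dhcpv6 dhcpv6-client mdns ssh tigervnc tigervnc-https
  ports: 25/tcp
"""
RUNTIME_ALLOW = """\
chain filter_IN_public_allow {
    ip6 daddr fe80::/64 udp dport 546 ct state { new, untracked } accept
    tcp dport 22 ct state { new, untracked } accept
    udp dport 547 ct state { new, untracked } accept
    tcp dport 5901 ct state { new, untracked } accept
    tcp dport 5801 ct state { new, untracked } accept
}
"""
LOG = """\
Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.251 LEN=234 TTL=255 ID=32 DF PROTO=UDP SPT=5353 DPT=5353
Jul 06 07:45:37 asus-roc.lan kernel: "filter_IN_public_REJECT: "IN=eth0 OUT= MAC= SRC=10.1.1.20 DST=224.0.0.252 LEN=54 TTL=255 ID=30800 PROTO=UDP SPT=5355 DPT=5355
"""
# Assumption: port mapping for the services named in the thread; on a live
# system read it with `firewall-cmd --info-service=NAME` instead.
SERVICE_PORTS = {"ssh": (22, "tcp"), "mdns": (5353, "udp"),
                 "dhcpv6-client": (546, "udp"), "dhcpv6": (547, "udp"),
                 "tigervnc": (5901, "tcp"), "tigervnc-https": (5801, "tcp")}

def permanent_ports(listing):
    """Ports the permanent zone opens, from its services: and ports: lines."""
    ports = set()
    for line in listing.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "services":
            ports |= {SERVICE_PORTS[s] for s in value.split() if s in SERVICE_PORTS}
        elif key == "ports":
            for item in value.split():
                number, proto = item.split("/")
                ports.add((int(number), proto))
    return ports

def runtime_ports(chain):
    """Ports accepted by the rules of the runtime nftables allow chain."""
    return {(int(port), proto)
            for proto, port in re.findall(r"\b(tcp|udp) dport (\d+)", chain)}

def classify_rejects(log, permanent, runtime):
    """Say, per rejected destination port, which configuration would allow it."""
    verdicts = {}
    for proto, dport in re.findall(r"REJECT: .*?PROTO=(\w+) .*?DPT=(\d+)", log):
        key = (int(dport), proto.lower())
        if key in runtime:
            verdicts[key] = "allowed-at-runtime"
        elif key in permanent:
            verdicts[key] = "permanent-only"  # runtime has drifted from permanent
        else:
            verdicts[key] = "neither"         # reject is the configured outcome
    return verdicts

if __name__ == "__main__":
    perm, run = permanent_ports(PERMANENT), runtime_ports(RUNTIME_ALLOW)
    print("missing at runtime:", sorted(perm - run))
    print(classify_rejects(LOG, perm, run))
```

With these inputs the drift is 25/tcp and 5353/udp, matching the reply; the 5355/udp packets to 224.0.0.252 are allowed by neither configuration, so they would still be rejected and logged once the permanent rules are loaded.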

Intel has disabled SGX due to vulnerabilities.

Thank you. Kind of frustrating that the man page for limits.conf does not reflect this change. Doubly frustrating that my original /etc/security/limits.conf had been deleted.

As mentioned previously will now use /etc/security/limits.conf.d/limits.conf

Thank you. So why would the kernel still bother to report on it?