There are some undocumented limits that apply to control messages over unix domain sockets, and SCM_RIGHTS messages in particular.
- Control messages must fit in an mbuf cluster, which is MCLBYTES (2KB) in size.
- Control message data must be natively aligned, so 64-bit kernels are limited to fewer rights per message than 32-bit kernels. This can be problematic when running 32-bit applications on a 64-bit kernel.
- SCM_RIGHTS message contents must be translated to an internalized format before they can be transmitted. Specifically, a 4-byte file descriptor is converted to a pointer, and internalized messages must fit in an mbuf cluster as well. So even though we can pack (2048-16)/sizeof(int) FDs in a single SCM_RIGHTS message on amd64, the kernel can only handle (2048-16)/sizeof(void *) FDs.