diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-01-10 11:38:59 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-10 11:38:59 -0800 |
commit | c3f632d85ae11bb8b447ec5d8e9ef281b6b8ac7f (patch) | |
tree | e41204b51592d9688fbc6ceb5586c3accbaa7738 | |
parent | 6524041fb0ebfc35dafe3bb7bebbd4dfa27ba5e8 (diff) | |
parent | a2c1a2df54f3660cdb49022fee1eae4a968c279a (diff) | |
download | podman-c3f632d85ae11bb8b447ec5d8e9ef281b6b8ac7f.tar.gz podman-c3f632d85ae11bb8b447ec5d8e9ef281b6b8ac7f.tar.bz2 podman-c3f632d85ae11bb8b447ec5d8e9ef281b6b8ac7f.zip |
Merge pull request #2126 from giuseppe/set-prlimit
podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
-rw-r--r-- | cmd/podman/main.go | 18 | ||||
-rw-r--r-- | libpod/container_easyjson.go | 2 |
2 files changed, 12 insertions, 8 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 43804ee35..604404827 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -148,16 +148,20 @@ func main() { logrus.SetLevel(level) } - // Only if not rootless, set rlimits for open files. - // We open numerous FDs for ports opened - if !rootless.IsRootless() { - rlimits := new(syscall.Rlimit) - rlimits.Cur = 1048576 - rlimits.Max = 1048576 + rlimits := new(syscall.Rlimit) + rlimits.Cur = 1048576 + rlimits.Max = 1048576 + if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { + if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { + return errors.Wrapf(err, "error getting rlimits") + } + rlimits.Cur = rlimits.Max if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { return errors.Wrapf(err, "error setting new rlimits") } - } else { + } + + if rootless.IsRootless() { logrus.Info("running as rootless") } diff --git a/libpod/container_easyjson.go b/libpod/container_easyjson.go index f1cb09bcc..50741df11 100644 --- a/libpod/container_easyjson.go +++ b/libpod/container_easyjson.go @@ -1,6 +1,6 @@ // +build seccomp ostree selinux varlink exclude_graphdriver_devicemapper -// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT +// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT. package libpod |