summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-01-10 16:44:40 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-01-10 17:43:58 +0100
commita2c1a2df54f3660cdb49022fee1eae4a968c279a (patch)
tree7bece76b13c5bf80d456f959404d2f6eb41523f5
parent0f6535cf6b4bfac265983c2fdd3482310ab4f39b (diff)
downloadpodman-a2c1a2df54f3660cdb49022fee1eae4a968c279a.tar.gz
podman-a2c1a2df54f3660cdb49022fee1eae4a968c279a.tar.bz2
podman-a2c1a2df54f3660cdb49022fee1eae4a968c279a.zip
podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: https://github.com/containers/libpod/issues/2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--cmd/podman/main.go18
-rw-r--r--libpod/container_easyjson.go2
2 files changed, 12 insertions, 8 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 43804ee35..604404827 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -148,16 +148,20 @@ func main() {
logrus.SetLevel(level)
}
- // Only if not rootless, set rlimits for open files.
- // We open numerous FDs for ports opened
- if !rootless.IsRootless() {
- rlimits := new(syscall.Rlimit)
- rlimits.Cur = 1048576
- rlimits.Max = 1048576
+ rlimits := new(syscall.Rlimit)
+ rlimits.Cur = 1048576
+ rlimits.Max = 1048576
+ if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+ if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+ return errors.Wrapf(err, "error getting rlimits")
+ }
+ rlimits.Cur = rlimits.Max
if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
return errors.Wrapf(err, "error setting new rlimits")
}
- } else {
+ }
+
+ if rootless.IsRootless() {
logrus.Info("running as rootless")
}
diff --git a/libpod/container_easyjson.go b/libpod/container_easyjson.go
index f1cb09bcc..50741df11 100644
--- a/libpod/container_easyjson.go
+++ b/libpod/container_easyjson.go
@@ -1,6 +1,6 @@
// +build seccomp ostree selinux varlink exclude_graphdriver_devicemapper
-// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT
+// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT.
package libpod