authorRalf Haferkamp <rhafer@suse.com>2020-06-26 11:14:35 +0200
committerRalf Haferkamp <rhafer@suse.com>2020-06-26 11:17:32 +0200
commit43c19966f67fed9ec6551efcd0a96231fbf40e56 (patch)
treea58e14991d6811e5b1b4ef5b2216e531f067c30b
parentbb11b428798094f33b3ec6102d2e52a3baf46324 (diff)
specgen: fix order for setting rlimits
Also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Rootless containers failed to start when the calling user already had a ulimit (e.g. on NOFILE) set. This is basically a cherry-pick of 76f8efc0d0d into specgen. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
-rw-r--r--pkg/specgen/generate/oci.go20
1 files changed, 14 insertions, 6 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 1c34f622b..badb34999 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -52,10 +52,14 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
}
- current = rlimit.Cur
- max = rlimit.Max
+ if rlimit.Cur < current {
+ current = rlimit.Cur
+ }
+ if rlimit.Max < max {
+ max = rlimit.Max
+ }
}
- g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ g.AddProcessRlimits("RLIMIT_NOFILE", max, current)
}
if !nprocSet {
max := kernelMax
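Review bot: When `unix.Getrlimit` fails in the RLIMIT_NOFILE branch, the code only logs a warning and then still runs the new `rlimit.Cur < current` and `rlimit.Max < max` comparisons. If `rlimit` is still zero-valued at that point (its declaration is outside the hunk), both values are clamped to 0 and the spec would carry a 0/0 NOFILE limit, which most likely stops the container from starting or from opening files. Keeping the kernel defaults on error avoids that: turn the `}` that closes the error check into `} else {` and close it after the `max = rlimit.Max` block. The RLIMIT_NPROC hunk below has the same pattern and needs the same guard. `addRlimits` starts and ends outside this hunk.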
@@ -65,10 +69,14 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
}
- current = rlimit.Cur
- max = rlimit.Max
+ if rlimit.Cur < current {
+ current = rlimit.Cur
+ }
+ if rlimit.Max < max {
+ max = rlimit.Max
+ }
}
- g.AddProcessRlimits("RLIMIT_NPROC", current, max)
+ g.AddProcessRlimits("RLIMIT_NPROC", max, current)
}
return nil