aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-05-01 15:58:24 +0200
committerGitHub <noreply@github.com>2020-05-01 15:58:24 +0200
commit49107a5a2ee98793b4ecfaa0e1a6cacfdf5ccdd0 (patch)
tree27074aa3e7056c9b768433f3ff21eac0ea646285
parent1230499e45554069f3e6ad073f7e1b0083787213 (diff)
parent51585fffdd249d97af928844b337009a30f4d627 (diff)
downloadpodman-49107a5a2ee98793b4ecfaa0e1a6cacfdf5ccdd0.tar.gz
podman-49107a5a2ee98793b4ecfaa0e1a6cacfdf5ccdd0.tar.bz2
podman-49107a5a2ee98793b4ecfaa0e1a6cacfdf5ccdd0.zip
Merge pull request #6004 from rhatdan/ulimits
Set up ulimits for rootless containers.
-rw-r--r--pkg/spec/spec.go32
-rw-r--r--pkg/specgen/generate/oci.go32
2 files changed, 54 insertions, 10 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index a62344640..41ed5f1f0 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -16,6 +16,8 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
const CpuPeriod = 100000
@@ -534,11 +536,31 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
// If not explicitly overridden by the user, default number of open
// files and number of processes to the maximum they can be set to
// (without overriding a sysctl)
- if !nofileSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
- }
- if !nprocSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ if !nofileSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ }
+ if !nprocSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NPROC", current, max)
}
return nil
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index f0b4d1111..7993777fb 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -13,6 +13,8 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
@@ -41,11 +43,31 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
// If not explicitly overridden by the user, default number of open
// files and number of processes to the maximum they can be set to
// (without overriding a sysctl)
- if !nofileSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
- }
- if !nprocSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ if !nofileSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ }
+ if !nprocSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NPROC", current, max)
}
return nil