authorMatthew Heon <matthew.heon@gmail.com>2018-08-28 12:54:41 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-28 17:32:24 +0000
commit6a46af571e70fd49655fe97df93391500933b2d1 (patch)
tree6ec093a77ca682d4fc56ca9ca557a44410ef89cd
parentf86f5d3e59f2a319d8bfaaf5712dc90602f001a7 (diff)
Set nproc in containers unless explicitly overridden
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1355 Approved by: rhatdan
-rw-r--r--pkg/spec/spec.go23
1 files changed, 16 insertions, 7 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 6520940d0..26b93f5fe 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -440,26 +440,35 @@ func addIpcNS(config *CreateConfig, g *generate.Generator) error {
func addRlimits(config *CreateConfig, g *generate.Generator) error {
var (
- ul *units.Ulimit
- err error
+ kernelMax uint64 = 1048576
+ isRootless = rootless.IsRootless()
+ nofileSet = false
+ nprocSet = false
)
- nofileSet := false
-
for _, u := range config.Resources.Ulimit {
- if ul, err = units.ParseUlimit(u); err != nil {
+ ul, err := units.ParseUlimit(u)
+ if err != nil {
return errors.Wrapf(err, "ulimit option %q requires name=SOFT:HARD, failed to be parsed", u)
}
if ul.Name == "nofile" {
nofileSet = true
+ } else if ul.Name == "nproc" {
+ nprocSet = true
}
g.AddProcessRlimits("RLIMIT_"+strings.ToUpper(ul.Name), uint64(ul.Hard), uint64(ul.Soft))
}
- if !nofileSet && !rootless.IsRootless() {
- g.AddProcessRlimits("RLIMIT_NOFILE", 1048576, 1048576)
+ // If not explicitly overridden by the user, default number of open
+ // files and number of processes to the maximum they can be set to
+ // (without overriding a sysctl)
+ if !nofileSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
+ }
+ if !nprocSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
}
return nil
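Review bot: The added comment and the name `kernelMax` present 1048576 as the ceiling for both limits, but that number is the default of the fs.nr_open sysctl, which bounds RLIMIT_NOFILE only; RLIMIT_NPROC has no equivalent sysctl cap, so on the `RLIMIT_NPROC` line the value is a policy choice rather than a kernel maximum. With a default this high, RLIMIT_NPROC offers little protection against runaway process creation in a non-rootless container, and since the kernel accounts RLIMIT_NPROC per real UID rather than per container, the pids cgroup limit is the control that actually bounds a container's process count. I would say so above the second `if`, e.g. `// nproc has no sysctl ceiling; reuse the nofile value and rely on the pids cgroup limit to bound process count`, and rename the variable to something neutral such as `defaultLimit`. addRlimits closes outside the visible part of the hunk.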