Merge pull request #7005 from giuseppe/set-umask-rlimits

abi: set default umask and rlimits

3 files changed, 46 insertions, 0 deletions

diff --git a/cmd/podman/early_init_linux.go b/cmd/podman/early_init_linux.go
new file mode 100644
index 000000000..b43450a7f
--- /dev/null
+++ b/cmd/podman/early_init_linux.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+
+	"github.com/containers/libpod/v2/libpod/define"
+	"github.com/pkg/errors"
+)
+
+func setRLimits() error {
+	rlimits := new(syscall.Rlimit)
+	rlimits.Cur = define.RLimitDefaultValue
+	rlimits.Max = define.RLimitDefaultValue
+	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+		if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			return errors.Wrapf(err, "error getting rlimits")
+		}
+		rlimits.Cur = rlimits.Max
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			return errors.Wrapf(err, "error setting new rlimits")
+		}
+	}
+	return nil
+}
+
+func setUMask() {
+	// Be sure we can create directories with 0755 mode.
+	syscall.Umask(0022)
+}
+
+func earlyInitHook() {
+	if err := setRLimits(); err != nil {
+		fmt.Fprint(os.Stderr, "Failed to set rlimits: "+err.Error())
+	}
+
+	setUMask()
+}
diff --git a/cmd/podman/early_init_unsupported.go b/cmd/podman/early_init_unsupported.go
new file mode 100644
index 000000000..4e748559f
--- /dev/null
+++ b/cmd/podman/early_init_unsupported.go
@@ -0,0 +1,6 @@
+// +build !linux
+
+package main
+
+func earlyInitHook() {
+}
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index eccca3d11..c6ced21c0 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -77,6 +77,7 @@ func init() {
 	cobra.OnInitialize(
 		loggingHook,
 		syslogHook,
+		earlyInitHook,
 	)
 
 	rootFlags(rootCmd, registry.PodmanConfig())