diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-05-11 12:53:13 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-05-11 13:02:33 +0200 |
commit | 76f8efc0d0d7a697a4821d01f3c5dbf67bf33d8e (patch) | |
tree | b938c08824938b7adcce3888c9954e3118337b89 /pkg/spec | |
parent | 18b273b72ba76d485eb1b4d5df48bff1685953ff (diff) | |
download | podman-76f8efc0d0d7a697a4821d01f3c5dbf67bf33d8e.tar.gz podman-76f8efc0d0d7a697a4821d01f3c5dbf67bf33d8e.tar.bz2 podman-76f8efc0d0d7a697a4821d01f3c5dbf67bf33d8e.zip |
spec: fix order for setting rlimits
also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/spec.go | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 77e92ae29..25cad9578 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -545,10 +545,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil { logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err) } - current = rlimit.Cur - max = rlimit.Max + if rlimit.Cur < current { + current = rlimit.Cur + } + if rlimit.Max < max { + max = rlimit.Max + } } - g.AddProcessRlimits("RLIMIT_NOFILE", current, max) + g.AddProcessRlimits("RLIMIT_NOFILE", max, current) } if !nprocSet { max := kernelMax @@ -558,10 +562,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil { logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err) } - current = rlimit.Cur - max = rlimit.Max + if rlimit.Cur < current { + current = rlimit.Cur + } + if rlimit.Max < max { + max = rlimit.Max + } } - g.AddProcessRlimits("RLIMIT_NPROC", current, max) + g.AddProcessRlimits("RLIMIT_NPROC", max, current) } return nil |