abi: set default umask and rlimits

the code got lost in the migration to podman 2.0, reintroduce it.

Closes: https://github.com/containers/podman/issues/6989

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

<MH: Fixed build>

Signed-off-by: Matthew Heon <matthew.heon@pm.me>

1 files changed, 7 insertions, 8 deletions

diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 6f52b88b1..b974772d5 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -505,10 +505,9 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.
 
 func addRlimits(config *CreateConfig, g *generate.Generator) error {
 	var (
-		kernelMax  uint64 = 1048576
-		isRootless        = rootless.IsRootless()
-		nofileSet         = false
-		nprocSet          = false
+		isRootless = rootless.IsRootless()
+		nofileSet  = false
+		nprocSet   = false
 	)
 
 	for _, u := range config.Resources.Ulimit {
@@ -538,8 +537,8 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
 	// files and number of processes to the maximum they can be set to
 	// (without overriding a sysctl)
 	if !nofileSet {
-		max := kernelMax
-		current := kernelMax
+		max := define.RLimitDefaultValue
+		current := define.RLimitDefaultValue
 		if isRootless {
 			var rlimit unix.Rlimit
 			if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
@@ -555,8 +554,8 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
 		g.AddProcessRlimits("RLIMIT_NOFILE", max, current)
 	}
 	if !nprocSet {
-		max := kernelMax
-		current := kernelMax
+		max := define.RLimitDefaultValue
+		current := define.RLimitDefaultValue
 		if isRootless {
 			var rlimit unix.Rlimit
 			if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {