summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/oci.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-04-21 11:17:35 -0400
committerGitHub <noreply@github.com>2020-04-21 11:17:35 -0400
commita2541bf133576383f9c4fc97fef6bce92a4a1f4b (patch)
treea0bd13ef07e4f84570aca1b66dc0032b19e9533b /pkg/specgen/generate/oci.go
parentf4c2eb1d9dcff5feda5c3eae81ce1bcdbf166ec4 (diff)
parent0108161a4e032d16dd4a4b230362299725bcf5d2 (diff)
downloadpodman-a2541bf133576383f9c4fc97fef6bce92a4a1f4b.tar.gz
podman-a2541bf133576383f9c4fc97fef6bce92a4a1f4b.tar.bz2
podman-a2541bf133576383f9c4fc97fef6bce92a4a1f4b.zip
Merge pull request #5912 from giuseppe/v2-rlimits
v2, pkg: implement rlimits
Diffstat (limited to 'pkg/specgen/generate/oci.go')
-rw-r--r--pkg/specgen/generate/oci.go44
1 files changed, 39 insertions, 5 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0ed091f9a..fc269cd44 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -12,6 +12,42 @@ import (
"github.com/opencontainers/runtime-tools/generate"
)
+func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
+ var (
+ kernelMax uint64 = 1048576
+ isRootless = rootless.IsRootless()
+ nofileSet = false
+ nprocSet = false
+ )
+
+ if s.Rlimits == nil {
+ g.Config.Process.Rlimits = nil
+ return nil
+ }
+
+ for _, u := range s.Rlimits {
+ name := "RLIMIT_" + strings.ToUpper(u.Type)
+ if name == "RLIMIT_NOFILE" {
+ nofileSet = true
+ } else if name == "RLIMIT_NPROC" {
+ nprocSet = true
+ }
+ g.AddProcessRlimits(name, u.Hard, u.Soft)
+ }
+
+ // If not explicitly overridden by the user, default number of open
+ // files and number of processes to the maximum they can be set to
+ // (without overriding a sysctl)
+ if !nofileSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
+ }
+ if !nprocSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ }
+
+ return nil
+}
+
func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.Image) (*spec.Spec, error) {
var (
inUserNS bool
@@ -176,11 +212,9 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
g.AddProcessEnv(name, val)
}
- // TODO rlimits and ulimits needs further refinement by someone more
- // familiar with the code.
- //if err := addRlimits(config, &g); err != nil {
- // return nil, err
- //}
+ if err := addRlimits(s, &g); err != nil {
+ return nil, err
+ }
// NAMESPACES