author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-04-21 11:17:35 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-21 11:17:35 -0400 |
commit | a2541bf133576383f9c4fc97fef6bce92a4a1f4b (patch) | |
tree | a0bd13ef07e4f84570aca1b66dc0032b19e9533b /pkg/specgen | |
parent | f4c2eb1d9dcff5feda5c3eae81ce1bcdbf166ec4 (diff) | |
parent | 0108161a4e032d16dd4a4b230362299725bcf5d2 (diff) | |
Merge pull request #5912 from giuseppe/v2-rlimits
v2, pkg: implement rlimits
Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/generate/oci.go | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0ed091f9a..fc269cd44 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -12,6 +12,42 @@ import (
 "github.com/opencontainers/runtime-tools/generate"
 )
 
+func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
+ var (
+ kernelMax uint64 = 1048576
+ isRootless = rootless.IsRootless()
+ nofileSet = false
+ nprocSet = false
+ )
+
+ if s.Rlimits == nil {
+ g.Config.Process.Rlimits = nil
+ return nil
+ }
+
+ for _, u := range s.Rlimits {
+ name := "RLIMIT_" + strings.ToUpper(u.Type)
+ if name == "RLIMIT_NOFILE" {
+ nofileSet = true
+ } else if name == "RLIMIT_NPROC" {
+ nprocSet = true
+ }
+ g.AddProcessRlimits(name, u.Hard, u.Soft)
+ }
+
+ // If not explicitly overridden by the user, default number of open
+ // files and number of processes to the maximum they can be set to
+ // (without overriding a sysctl)
+ if !nofileSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
+ }
+ if !nprocSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ }
+
+ return nil
+}
+
 func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.Image) (*spec.Spec, error) {
 var (
 inUserNS bool
@@ -176,11 +212,9 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
 g.AddProcessEnv(name, val)
 }
 
- // TODO rlimits and ulimits needs further refinement by someone more
- // familiar with the code.
- //if err := addRlimits(config, &g); err != nil {
- // return nil, err
- //}
+ if err := addRlimits(s, &g); err != nil {
+ return nil, err
+ }
 
 // NAMESPACES
 
|
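Review bot: The loop in `addRlimits` passes `u.Type`, `u.Hard` and `u.Soft` straight to `g.AddProcessRlimits` without validating them, so a misspelled type, a type that already carries the `RLIMIT_` prefix (which becomes `RLIMIT_RLIMIT_NOFILE`), or a soft limit above the hard limit is written into the spec and presumably only rejected later by the runtime. The function's error return is always nil, which leaves the `if err := addRlimits(s, &g); err != nil` check in the second hunk with nothing to catch; a guard before the `AddProcessRlimits` call such as `if u.Soft > u.Hard { return fmt.Errorf("rlimit %s: soft limit %d exceeds hard limit %d", name, u.Soft, u.Hard) }` would give it a purpose (use whichever error package oci.go already imports, since the import block is outside the hunk). The early return for `s.Rlimits == nil` skips the NOFILE/NPROC defaults while an empty non-nil slice still receives them; if that distinction is intended it deserves a comment like `// nil means: set no rlimits at all and skip the defaults below`. The comment above the defaults could also state that rootful containers get both limits raised to 1048576 unless the user sets them, so bounding process and descriptor counts is left to other controls (presumably the pids cgroup).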