summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkg/spec/spec.go32
-rw-r--r--pkg/specgen/generate/oci.go32
2 files changed, 54 insertions, 10 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 7ee2df890..cb2403dec 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -16,6 +16,8 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
const CpuPeriod = 100000
@@ -533,11 +535,31 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
// If not explicitly overridden by the user, default number of open
// files and number of processes to the maximum they can be set to
// (without overriding a sysctl)
- if !nofileSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
- }
- if !nprocSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ if !nofileSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ }
+ if !nprocSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NPROC", current, max)
}
return nil
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 87262684e..f2292f500 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -13,6 +13,8 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
@@ -41,11 +43,31 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
// If not explicitly overridden by the user, default number of open
// files and number of processes to the maximum they can be set to
// (without overriding a sysctl)
- if !nofileSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
- }
- if !nprocSet && !isRootless {
- g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ if !nofileSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ }
+ if !nprocSet {
+ max := kernelMax
+ current := kernelMax
+ if isRootless {
+ var rlimit unix.Rlimit
+ if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
+ logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
+ }
+ current = rlimit.Cur
+ max = rlimit.Max
+ }
+ g.AddProcessRlimits("RLIMIT_NPROC", current, max)
}
return nil