diff options
-rw-r--r-- | pkg/spec/spec.go | 32 | ||||
-rw-r--r-- | pkg/specgen/generate/oci.go | 32 |
2 files changed, 54 insertions, 10 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 7ee2df890..cb2403dec 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -16,6 +16,8 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" ) const CpuPeriod = 100000 @@ -533,11 +535,31 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { // If not explicitly overridden by the user, default number of open // files and number of processes to the maximum they can be set to // (without overriding a sysctl) - if !nofileSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax) - } - if !nprocSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax) + if !nofileSet { + max := kernelMax + current := kernelMax + if isRootless { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil { + logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err) + } + current = rlimit.Cur + max = rlimit.Max + } + g.AddProcessRlimits("RLIMIT_NOFILE", current, max) + } + if !nprocSet { + max := kernelMax + current := kernelMax + if isRootless { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil { + logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err) + } + current = rlimit.Cur + max = rlimit.Max + } + g.AddProcessRlimits("RLIMIT_NPROC", current, max) } return nil diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 87262684e..f2292f500 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -13,6 +13,8 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" ) func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error { @@ -41,11 +43,31 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error { // If not explicitly overridden by the user, default number of open // files and number of processes to the maximum they can be set to // (without overriding a sysctl) - if !nofileSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax) - } - if !nprocSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax) + if !nofileSet { + max := kernelMax + current := kernelMax + if isRootless { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil { + logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err) + } + current = rlimit.Cur + max = rlimit.Max + } + g.AddProcessRlimits("RLIMIT_NOFILE", current, max) + } + if !nprocSet { + max := kernelMax + current := kernelMax + if isRootless { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil { + logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err) + } + current = rlimit.Cur + max = rlimit.Max + } + g.AddProcessRlimits("RLIMIT_NPROC", current, max) } return nil |