From a2c1a2df54f3660cdb49022fee1eae4a968c279a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 10 Jan 2019 16:44:40 +0100
Subject: podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE

If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed.  In this way the same code path works with rootless mode.

Closes: https://github.com/containers/libpod/issues/2123

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 cmd/podman/main.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 43804ee35..604404827 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -148,16 +148,20 @@ func main() {
 			logrus.SetLevel(level)
 		}
 
-		// Only if not rootless, set rlimits for open files.
-		// We open numerous FDs for ports opened
-		if !rootless.IsRootless() {
-			rlimits := new(syscall.Rlimit)
-			rlimits.Cur = 1048576
-			rlimits.Max = 1048576
+		rlimits := new(syscall.Rlimit)
+		rlimits.Cur = 1048576
+		rlimits.Max = 1048576
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+				return errors.Wrapf(err, "error getting rlimits")
+			}
+			rlimits.Cur = rlimits.Max
 			if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
 				return errors.Wrapf(err, "error setting new rlimits")
 			}
-		} else {
+		}
+
+		if rootless.IsRootless() {
 			logrus.Info("running as rootless")
 		}
 
-- 
cgit v1.2.3-54-g00ecf