nspawn: bump RLIMIT_NOFILE for nspawn payload similar to how host PID 1 does it for its payload
We try to pass containers roughly the same rlimits as the host gets from
the kernel. However, this means we'd set the RLIMIT_NOFILE to 4K, which
is quite limiting, and is something we actually departed from in
PID1: since 52d6207578 we raise the limit substantially for all userspace.
Given that nspawn is quite often invoked without proper PID1, let's raise the
limits for container payloads the same way as we do from the real PID1
to its service payloads.
parent
a07ab1dd8c
commit
dbf1aca619
@ -5330,6 +5330,15 @@ static int initialize_rlimits(void) {
|
||||
if (prlimit(1, rl, NULL, &buffer) < 0)
|
||||
return log_error_errno(errno, "Failed to read resource limit RLIMIT_%s of PID 1: %m", rlimit_to_string(rl));
|
||||
|
||||
v = &buffer;
|
||||
} else if (rl == RLIMIT_NOFILE) {
|
||||
/* We nowadays bump RLIMIT_NOFILE's hard limit early in PID 1 for all
|
||||
* userspace. Given that nspawn containers are often run without our PID 1,
|
||||
* let's grant the containers a raised RLIMIT_NOFILE hard limit by default,
|
||||
* so that container userspace gets similar resources as host userspace
|
||||
* gets. */
|
||||
buffer = kernel_defaults[rl];
|
||||
buffer.rlim_max = MIN((rlim_t) read_nr_open(), (rlim_t) HIGH_RLIMIT_NOFILE);
|
||||
v = &buffer;
|
||||
} else
|
||||
v = kernel_defaults + rl;
|
||||
|
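Review bot: The new comment in the `rl == RLIMIT_NOFILE` branch mentions only the hard limit and does not say that the soft limit is deliberately left alone: `buffer = kernel_defaults[rl];` keeps `rlim_cur` at the kernel default and only `rlim_max` is overwritten. Presumably this is intentional, so that payloads still using select() are not handed descriptors above FD_SETSIZE unless they raise the soft limit themselves. I would make it explicit by adding a line such as `* Only the hard limit is raised; the soft limit intentionally stays at the kernel default.` to the comment. Operators who run untrusted payloads and relied on the previous 4K ceiling as a per-process descriptor cap now get a much higher default, which deserves a sentence in the user-facing documentation saying the limit must be set explicitly if the old bound is wanted. initialize_rlimits() begins and ends outside this hunk, so how `v` is applied afterwards is not visible here.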