1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

nspawn: bump RLIMIT_NOFILE for nspawn payload similar to how host PID 1 does it for its payload

We try to pass containers roughly the same rlimits as the host gets from
the kernel. However, this means we'd set the RLIMIT_NOFILE to 4K. Which
is quite limiting though, and is something we actually departed from in
PID1: since 52d6207578 we raise the limit
substantially for all userspace.

Given that nspawn is quite often invoked without proper PID1, let's raise the
limits for container payloads the same way as we do from the real PID1
to its service payloads.
This commit is contained in:
Lennart Poettering 2021-10-22 17:34:46 +02:00
parent a07ab1dd8c
commit dbf1aca619

View File

@ -5330,6 +5330,15 @@ static int initialize_rlimits(void) {
if (prlimit(1, rl, NULL, &buffer) < 0)
return log_error_errno(errno, "Failed to read resource limit RLIMIT_%s of PID 1: %m", rlimit_to_string(rl));
v = &buffer;
} else if (rl == RLIMIT_NOFILE) {
/* We nowadays bump RLIMIT_NOFILE's hard limit early in PID 1 for all
* userspace. Given that nspawn containers are often run without our PID 1,
* let's grant the containers a raised RLIMIT_NOFILE hard limit by default,
* so that container userspace gets similar resources as host userspace
* gets. */
buffer = kernel_defaults[rl];
buffer.rlim_max = MIN((rlim_t) read_nr_open(), (rlim_t) HIGH_RLIMIT_NOFILE);
v = &buffer;
} else
v = kernel_defaults + rl;