search

microsoft / opengcs

Moved to https://github.com/microsoft/hcsshim/tree/master/internal/guest. If you wish to open PRs/submit issues please do so against https://github.com/microsoft/hcsshim.
MIT License
83 stars 41 forks source link

init: Set RLIMIT_NOFILE hard limit to 1M #368

Closed jstarks closed 4 years ago

jstarks commented 4 years ago

Many containers expect an rlimit hard limit greater than the kernel default of 4096. On Debian systems, the default hard limit is 1M. In 2018, systemd set the default hard limit to 512K for all processes it launces. Apparently modern kernel versions can handle large limits without disadvantage: large limits are efficient, and large fd memory use is correctly accounted in cgroups.

Therefore, unconditionally set a large hard limit. Keep the soft limit small for compatibility (an unprivileged process can update the soft limit up to the hard limit).

jstarks commented 4 years ago

Note that I have not actually tested this other than to ensure it builds. :)

kevpar commented 4 years ago

Tested :)