author | Fabricio Voznika <fvoznika@google.com> | 2019-04-17 12:56:23 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-04-17 12:57:40 -0700 |
commit | c8cee7108f1a1b37e89961c6dd69ccab97952c86 (patch) | |
tree | 57565d1df112795354487f636d42b9bca5a231e2 /runsc/boot/fs.go | |
parent | 08d99c5fbea76ecc92038280387d24ecdf7ed814 (diff) |
Use FD limit and file size limit from host
FD limit and file size limit are read from the host, instead
of using hard-coded defaults, given that they affect the sandbox
process. Also limit the dirent cache to use no more than half
of the available FDs.
PiperOrigin-RevId: 244050323
Change-Id: I787ad0fdf07c49d589e51aebfeae477324fe26e6
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r-- | runsc/boot/fs.go | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 8dfb6dce6..761142d98 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -20,10 +20,10 @@ import (
 "path/filepath"
 "strconv"
 "strings"
+ "syscall"
 // Include filesystem types that OCI spec might mount.
 _ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/dev"
- _ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/gofer"
 _ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/host"
 _ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/proc"
 _ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/sys"
@@ -38,6 +38,7 @@ import (
 "gvisor.googlesource.com/gvisor/pkg/log"
 "gvisor.googlesource.com/gvisor/pkg/sentry/context"
 "gvisor.googlesource.com/gvisor/pkg/sentry/fs"
+ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/gofer"
 "gvisor.googlesource.com/gvisor/pkg/sentry/fs/ramfs"
 "gvisor.googlesource.com/gvisor/pkg/syserror"
 "gvisor.googlesource.com/gvisor/runsc/specutils"
@@ -81,6 +82,22 @@ func (f *fdDispenser) empty() bool {
 return len(f.fds) == 0
 }
+func adjustDirentCache(k *kernel.Kernel) error {
+ var hl syscall.Rlimit
+ if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &hl); err != nil {
+ return fmt.Errorf("getting RLIMIT_NOFILE: %v", err)
+ }
+ if int64(hl.Cur) != syscall.RLIM_INFINITY {
+ newSize := hl.Cur / 2
+ if newSize < gofer.DefaultDirentCacheSize {
+ log.Infof("Setting gofer dirent cache size to %d", newSize)
+ gofer.DefaultDirentCacheSize = newSize
+ k.DirentCacheLimiter = fs.NewDirentCacheLimiter(newSize)
+ }
+ }
+ return nil
+}
+
 // setupRootContainerFS creates a mount namespace containing the root filesystem
 // and all mounts. 'rootCtx' is used to walk directories to find mount points.
 // 'setMountNS' is called after namespace is created. It must set the mount NS |
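Review bot: In the new adjustDirentCache, `newSize := hl.Cur / 2` has no lower bound, so a host soft limit of 0 or 1 produces a size of 0 that is stored in `gofer.DefaultDirentCacheSize` and passed to `fs.NewDirentCacheLimiter(newSize)`. Whether 0 means "cache nothing" or "no limit" there is not visible in this hunk and should be confirmed, because the second reading would remove the FD budget this change is meant to enforce. The function also overwrites a package-level default, so it presumably has to run before any gofer mount is created. It has no doc comment; I would add `// adjustDirentCache caps the gofer dirent cache at half of the host's RLIMIT_NOFILE soft limit so that cached dirents cannot use up the sandbox's FDs. Call before mounting.` A short comment on `int64(hl.Cur) != syscall.RLIM_INFINITY` noting that it relies on the constant's platform-specific value would also help.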