diff options
| author | Fabricio Voznika <fvoznika@google.com> | 2018-07-02 12:50:37 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-07-02 12:51:38 -0700 |
| commit | fa64c2a1517d20c08447bb2230f2903ec3baade9 (patch) | |
| tree | 0903ae1d6182a2b74f3624f97323b3c744c34ef9 /runsc/boot | |
| parent | 7f9c822f536fb6095ab25f5ae738f3e45855ce43 (diff) | |
Make default limits the same as with runc
Closes #2
PiperOrigin-RevId: 202997196
Change-Id: I0c9f6f5a8a1abe1ae427bca5f590bdf9f82a6675
Diffstat (limited to 'runsc/boot')
| -rw-r--r-- | runsc/boot/limits.go | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/runsc/boot/limits.go b/runsc/boot/limits.go index ea72de8e9..510497eba 100644 --- a/runsc/boot/limits.go +++ b/runsc/boot/limits.go @@ -23,29 +23,50 @@ import ( // Mapping from linux resource names to limits.LimitType. var fromLinuxResource = map[string]limits.LimitType{ + "RLIMIT_AS": limits.AS, + "RLIMIT_CORE": limits.Core, "RLIMIT_CPU": limits.CPU, - "RLIMIT_FSIZE": limits.FileSize, "RLIMIT_DATA": limits.Data, - "RLIMIT_STACK": limits.Stack, - "RLIMIT_CORE": limits.Core, - "RLIMIT_RSS": limits.Rss, - "RLIMIT_NPROC": limits.ProcessCount, - "RLIMIT_NOFILE": limits.NumberOfFiles, - "RLIMIT_MEMLOCK": limits.MemoryPagesLocked, - "RLIMIT_AS": limits.AS, + "RLIMIT_FSIZE": limits.FileSize, "RLIMIT_LOCKS": limits.Locks, - "RLIMIT_SIGPENDING": limits.SignalsPending, + "RLIMIT_MEMLOCK": limits.MemoryPagesLocked, "RLIMIT_MSGQUEUE": limits.MessageQueueBytes, "RLIMIT_NICE": limits.Nice, + "RLIMIT_NOFILE": limits.NumberOfFiles, + "RLIMIT_NPROC": limits.ProcessCount, + "RLIMIT_RSS": limits.Rss, "RLIMIT_RTPRIO": limits.RealTimePriority, "RLIMIT_RTTIME": limits.Rttime, + "RLIMIT_SIGPENDING": limits.SignalsPending, + "RLIMIT_STACK": limits.Stack, } func createLimitSet(spec *specs.Spec) (*limits.LimitSet, error) { - ls, err := limits.NewLinuxDistroLimitSet() + ls, err := limits.NewLinuxLimitSet() if err != nil { return nil, err } + + // Set default limits based on what containers get by default, ex: + // $ docker run --rm debian prlimit + ls.SetUnchecked(limits.AS, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.Core, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.CPU, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.Data, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.FileSize, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.Locks, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.MemoryPagesLocked, limits.Limit{Cur: 65536, Max: 65536}) + ls.SetUnchecked(limits.MessageQueueBytes, limits.Limit{Cur: 819200, Max: 819200}) + ls.SetUnchecked(limits.Nice, limits.Limit{Cur: 0, Max: 0}) + ls.SetUnchecked(limits.NumberOfFiles, limits.Limit{Cur: 1048576, Max: 1048576}) + ls.SetUnchecked(limits.ProcessCount, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.Rss, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.RealTimePriority, limits.Limit{Cur: 0, Max: 0}) + ls.SetUnchecked(limits.Rttime, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity}) + ls.SetUnchecked(limits.SignalsPending, limits.Limit{Cur: 0, Max: 0}) + ls.SetUnchecked(limits.Stack, limits.Limit{Cur: 8388608, Max: limits.Infinity}) + + // Then apply overwrites on top of defaults. for _, rl := range spec.Process.Rlimits { lt, ok := fromLinuxResource[rl.Type] if !ok { |