summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2018-07-02 12:50:37 -0700
committerShentubot <shentubot@google.com>2018-07-02 12:51:38 -0700
commitfa64c2a1517d20c08447bb2230f2903ec3baade9 (patch)
tree0903ae1d6182a2b74f3624f97323b3c744c34ef9 /runsc/boot
parent7f9c822f536fb6095ab25f5ae738f3e45855ce43 (diff)
Make default limits the same as with runc
Closes #2 PiperOrigin-RevId: 202997196 Change-Id: I0c9f6f5a8a1abe1ae427bca5f590bdf9f82a6675
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/limits.go41
1 files changed, 31 insertions, 10 deletions
diff --git a/runsc/boot/limits.go b/runsc/boot/limits.go
index ea72de8e9..510497eba 100644
--- a/runsc/boot/limits.go
+++ b/runsc/boot/limits.go
@@ -23,29 +23,50 @@ import (
// Mapping from linux resource names to limits.LimitType.
var fromLinuxResource = map[string]limits.LimitType{
+ "RLIMIT_AS": limits.AS,
+ "RLIMIT_CORE": limits.Core,
"RLIMIT_CPU": limits.CPU,
- "RLIMIT_FSIZE": limits.FileSize,
"RLIMIT_DATA": limits.Data,
- "RLIMIT_STACK": limits.Stack,
- "RLIMIT_CORE": limits.Core,
- "RLIMIT_RSS": limits.Rss,
- "RLIMIT_NPROC": limits.ProcessCount,
- "RLIMIT_NOFILE": limits.NumberOfFiles,
- "RLIMIT_MEMLOCK": limits.MemoryPagesLocked,
- "RLIMIT_AS": limits.AS,
+ "RLIMIT_FSIZE": limits.FileSize,
"RLIMIT_LOCKS": limits.Locks,
- "RLIMIT_SIGPENDING": limits.SignalsPending,
+ "RLIMIT_MEMLOCK": limits.MemoryPagesLocked,
"RLIMIT_MSGQUEUE": limits.MessageQueueBytes,
"RLIMIT_NICE": limits.Nice,
+ "RLIMIT_NOFILE": limits.NumberOfFiles,
+ "RLIMIT_NPROC": limits.ProcessCount,
+ "RLIMIT_RSS": limits.Rss,
"RLIMIT_RTPRIO": limits.RealTimePriority,
"RLIMIT_RTTIME": limits.Rttime,
+ "RLIMIT_SIGPENDING": limits.SignalsPending,
+ "RLIMIT_STACK": limits.Stack,
}
func createLimitSet(spec *specs.Spec) (*limits.LimitSet, error) {
- ls, err := limits.NewLinuxDistroLimitSet()
+ ls, err := limits.NewLinuxLimitSet()
if err != nil {
return nil, err
}
+
+ // Set default limits based on what containers get by default, ex:
+ // $ docker run --rm debian prlimit
+ ls.SetUnchecked(limits.AS, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.Core, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.CPU, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.Data, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.FileSize, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.Locks, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.MemoryPagesLocked, limits.Limit{Cur: 65536, Max: 65536})
+ ls.SetUnchecked(limits.MessageQueueBytes, limits.Limit{Cur: 819200, Max: 819200})
+ ls.SetUnchecked(limits.Nice, limits.Limit{Cur: 0, Max: 0})
+ ls.SetUnchecked(limits.NumberOfFiles, limits.Limit{Cur: 1048576, Max: 1048576})
+ ls.SetUnchecked(limits.ProcessCount, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.Rss, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.RealTimePriority, limits.Limit{Cur: 0, Max: 0})
+ ls.SetUnchecked(limits.Rttime, limits.Limit{Cur: limits.Infinity, Max: limits.Infinity})
+ ls.SetUnchecked(limits.SignalsPending, limits.Limit{Cur: 0, Max: 0})
+ ls.SetUnchecked(limits.Stack, limits.Limit{Cur: 8388608, Max: limits.Infinity})
+
+ // Then apply overwrites on top of defaults.
for _, rl := range spec.Process.Rlimits {
lt, ok := fromLinuxResource[rl.Type]
if !ok {