podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE #2126
cmd/podman/main.go
Outdated
if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { | ||
return errors.Wrapf(err, "error setting new rlimits") | ||
} | ||
} else { | ||
logrus.Info("running as rootless") |
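Review bot: In the `Setrlimit` branch at the top of this hunk, any failure is returned as a fatal error, so a process that is not permitted to raise the limit exits instead of continuing with the highest limit it is allowed. Consider reading the current limits on failure and setting the soft limit to the existing hard maximum before returning an error; with that fallback, the separate `else` branch that only logs `running as rootless` would not need to be its own path. Minor: `errors.Wrapf` is called here without format arguments, so `errors.Wrap` is enough, and the message would be more useful if it included the values that were requested.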
IDK what others think, but it might be nice to keep this in play.
Why do we need it if the more generic version handles both cases?
I think it's just a nicety/reminder when scrounging through the logs that the command was running rootless. Not a strong leaning.
I'd almost rather just ignore the error from setrlimit, but this is fine too.
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: mheon
Changes LGTM, would like to keep the informational message, but a toss on that. Tests don't look happy though.
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed. In this way the same code path works with rootless mode.

Closes: containers#2123

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Code LGTM
/lgtm
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed. In this way the same code path works with rootless mode.
Closes: #2123
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
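
The fallback the description above talks about, as an added example that is not the code from this pull request: try to raise RLIMIT_NOFILE to a target value and, when the kernel refuses with EPERM because the process lacks CAP_SYS_RESOURCE, settle for the current hard limit. The helper name `raiseNoFile` and the target value 1048576 are assumptions made for the example, and it assumes Linux.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// raiseNoFile (hypothetical helper) raises the soft RLIMIT_NOFILE towards
// want and returns the limit now in effect. It never lowers a limit.
func raiseNoFile(want uint64) (syscall.Rlimit, error) {
	var lim syscall.Rlimit
	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
		return lim, fmt.Errorf("getting RLIMIT_NOFILE: %w", err)
	}
	if lim.Cur >= want {
		return lim, nil // already high enough
	}
	if want > lim.Max {
		// Raising the hard limit requires CAP_SYS_RESOURCE.
		full := syscall.Rlimit{Cur: want, Max: want}
		err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &full)
		if err == nil {
			return full, nil
		}
		if !errors.Is(err, syscall.EPERM) {
			return lim, fmt.Errorf("setting RLIMIT_NOFILE: %w", err)
		}
		// Not permitted (for example rootless): use the hard limit instead.
		want = lim.Max
	}
	// Moving the soft limit up to the hard limit needs no capability.
	lim.Cur = want
	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
		return lim, fmt.Errorf("setting RLIMIT_NOFILE: %w", err)
	}
	return lim, nil
}

func main() {
	// 1048576 is a constructed target value for this example.
	lim, err := raiseNoFile(1048576)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("RLIMIT_NOFILE soft=%d hard=%d\n", lim.Cur, lim.Max)
}
```

Only EPERM triggers the fallback here, so an unexpected failure such as EINVAL still surfaces as an error rather than being masked.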