podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE #2126
Conversation
cmd/podman/main.go
Outdated
| if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { | ||
| return errors.Wrapf(err, "error setting new rlimits") | ||
| } | ||
| } else { | ||
| logrus.Info("running as rootless") |
There was a problem hiding this comment.
IDK what others think, but it might be nice to keep this in play.
There was a problem hiding this comment.
why do we need it if the more generic version handles both cases?
There was a problem hiding this comment.
I think it's just a nicety/reminder when scrounging through the logs that the command was running rootless. Not a strong leaning.
|
I'd almost rather just ignore the error from setrlimit, but this is fine too. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
Changes LGTM, would like to keep the informational message, but a toss on that. Tests don't look happy though. |
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: containers#2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
Code LGTM |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed. In this way the same code path works with rootless mode.
Closes: #2123
Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com