ulimit -n is too low inside toolbox and can't be changed.

[ocrete]

Building GStreamer with Cerbero requires over 1024 FDs, creating a container by hand with podman I can do "--ulimit nofile=10240", but I can't find a similar option when using toolbox.

[debarshiray]

Interesting.

We could bump the default limit for all toolboxes and/or introduce a toolbox create command line flag to override it.

However, I don't think it will really work. A non-root user can't override ulimit -n when running directly on the host. While rootless podman create --name foo --ulimit nofile=10240 ... does work, rootless podman start foo will error out. So you can't really use the container.

[debarshiray]

Were you by any chance referring to the soft and hard limits?

On my host, the hard limit is 4096 and the soft limit is 1024. Hence a non-root user can bump the soft limit till 4096:

[rishi@kolache ~]$ ulimit -H -n
4096
[rishi@kolache ~]$ ulimit -S -n
1024
[rishi@kolache ~]$ ulimit -S -n 4096
[rishi@kolache ~]$ ulimit -H -n
4096
[rishi@kolache ~]$ ulimit -S -n
4096

However, inside the rootless toolbox container, both soft and hard limits are 1024:

⬢[rishi@toolbox ~]$ ulimit -H -n
1024
⬢[rishi@toolbox ~]$ ulimit -S -n
1024

[debarshiray]

As @giuseppe pointed out, this does work: podman create --ulimit nofile=1024:4096.

Are 4096 file descriptors enough to build GStreamer with Cerbero? :)

[ocrete]

Yes, I'm referring to the hard limit inside the container being set to the soft limit of the host. I guess ideally for toolbox, the hard would be set to the hard limit of the host for most thing.

[ocrete]

On my recently installed F30 machine, I have a hard limit of 524288 fds, which makes a lot of sense

[ocrete]

Erm, for GStreamer, we set it to 10240 .. but I thinkm ito's just adding a 0.. Can't we just inherit the limit from the host ? --ulimit nofile=$(ulimit -n):$(ulimit -H -n)

[debarshiray]

On my recently installed F30 machine, I have a hard limit of 524288 fds

Ah, so the hard limit is indeed higher on Fedora 30. So far I was playing on Fedora 29, where the hard limit used to be 4096.

Can't we just inherit the limit from the host ? --ulimit nofile=$(ulimit -n):$(ulimit -H -n)

Yeah, I think for toolbox containers we should just use the host limits. @giuseppe said that he's investigating if this can be made even easier with --ulimit host. If so we'd just use that. The more we can delegate to Podman, the better. :)

[giuseppe]

I've opened a PR so you can use --ulimit host and not have to worry to copy them from the system:

containers/podman#3491

[HarryMichal]

Just experienced a problem with this when I tried to install packages using npm.

[jgillich]

The low limit also causes issues with Wine/Esync.

[debarshiray]

Fixed via https://github.com/debarshiray/toolbox/pull/229

You'd need Podman 1.5.0 to have the ulimits passed through from the host to the containers.