Merge pull request #3491 from giuseppe/rlimit-host

podman: add --ulimit host
2025-05-29 22:46:25 +08:00 · 2019-07-11 21:35:37 +02:00
parent 24409daa36 fb88074e68
commit 2b64f88446
6 changed files with 94 additions and 0 deletions
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@ -723,6 +723,8 @@ The following example maps uids 0-2000 in the container to the uids 30000-31999

 Ulimit options

+You can pass `host` to copy the current configuration from the host.
+
 **--user**, **-u**=*user*

 Sets the username or UID used and optionally the groupname or GID for the specified command.
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@ -759,6 +759,8 @@ The example maps uids 0-2000 in the container to the uids 30000-31999 on the hos

 Ulimit options

+You can pass `host` to copy the current configuration from the host.
+
 **--user**, **-u**=*user*

 Sets the username or UID used and optionally the groupname or GID for the specified command.
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@ -20,6 +20,12 @@ import (

 const cpuPeriod = 100000

+type systemUlimit struct {
+	name string
+	max  uint64
+	cur  uint64
+}
+
 func getAvailableGids() (int64, error) {
 	idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
 	if err != nil {
@ -557,6 +563,20 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
 	)

 	for _, u := range config.Resources.Ulimit {
+		if u == "host" {
+			if len(config.Resources.Ulimit) != 1 {
+				return errors.New("ulimit can use host only once")
+			}
+			hostLimits, err := getHostRlimits()
+			if err != nil {
+				return err
+			}
+			for _, i := range hostLimits {
+				g.AddProcessRlimits(i.name, i.max, i.cur)
+			}
+			break
+		}
+
 		ul, err := units.ParseUlimit(u)
 		if err != nil {
 			return errors.Wrapf(err, "ulimit option %q requires name=SOFT:HARD, failed to be parsed", u)
--- a/pkg/spec/spec_linux.go
+++ b/pkg/spec/spec_linux.go
@ -0,0 +1,42 @@
+//+build linux
+
+package createconfig
+
+import (
+	"syscall"
+
+	"github.com/pkg/errors"
+)
+
+type systemRlimit struct {
+	name  string
+	value int
+}
+
+var systemLimits = []systemRlimit{
+	{"RLIMIT_AS", syscall.RLIMIT_AS},
+	{"RLIMIT_CORE", syscall.RLIMIT_CORE},
+	{"RLIMIT_CPU", syscall.RLIMIT_CPU},
+	{"RLIMIT_DATA", syscall.RLIMIT_DATA},
+	{"RLIMIT_FSIZE", syscall.RLIMIT_FSIZE},
+	{"RLIMIT_NOFILE", syscall.RLIMIT_NOFILE},
+	{"RLIMIT_STACK", syscall.RLIMIT_STACK},
+}
+
+func getHostRlimits() ([]systemUlimit, error) {
+	ret := []systemUlimit{}
+	for _, i := range systemLimits {
+		var l syscall.Rlimit
+		if err := syscall.Getrlimit(i.value, &l); err != nil {
+			return nil, errors.Wrapf(err, "cannot read limits for %s", i.name)
+		}
+		s := systemUlimit{
+			name: i.name,
+			max:  l.Max,
+			cur:  l.Cur,
+		}
+		ret = append(ret, s)
+	}
+	return ret, nil
+
+}
--- a/pkg/spec/spec_unsupported.go
+++ b/pkg/spec/spec_unsupported.go
@ -0,0 +1,7 @@
+//+build !linux
+
+package createconfig
+
+func getHostRlimits() ([]systemUlimit, error) {
+	return nil, nil
+}
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -8,7 +8,9 @@ import (
 	"net"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
+	"syscall"
 	"time"

 	. "github.com/containers/libpod/test/utils"
@ -250,6 +252,25 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("100"))
 	})

+	It("podman run limits host test", func() {
+		SkipIfRemote()
+
+		var l syscall.Rlimit
+
+		err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l)
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "host", fedoraMinimal, "ulimit", "-Hn"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		ulimitCtrStr := strings.TrimSpace(session.OutputToString())
+		ulimitCtr, err := strconv.ParseUint(ulimitCtrStr, 10, 0)
+		Expect(err).To(BeNil())
+
+		Expect(ulimitCtr).Should(BeNumerically(">=", l.Max))
+	})
+
 	It("podman run with cidfile", func() {
 		session := podmanTest.Podman([]string{"run", "--cidfile", tempdir + "cidfile", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()