Merge pull request #2126 from giuseppe/set-prlimit

podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE

cmd/podman/main.go

@@ -148,16 +148,20 @@ func main() {
 			logrus.SetLevel(level)
 		}
 
-		// Only if not rootless, set rlimits for open files.
-		// We open numerous FDs for ports opened
-		if !rootless.IsRootless() {
-			rlimits := new(syscall.Rlimit)
-			rlimits.Cur = 1048576
-			rlimits.Max = 1048576
+		rlimits := new(syscall.Rlimit)
+		rlimits.Cur = 1048576
+		rlimits.Max = 1048576
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+				return errors.Wrapf(err, "error getting rlimits")
+			}
+			rlimits.Cur = rlimits.Max
 			if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
 				return errors.Wrapf(err, "error setting new rlimits")
 			}
-		} else {
+		}
+
+		if rootless.IsRootless() {
 			logrus.Info("running as rootless")
 		}
 

libpod/container_easyjson.go

@@ -1,6 +1,6 @@
 // +build  seccomp   ostree selinux  varlink exclude_graphdriver_devicemapper
 
-// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT
+// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT.
 
 package libpod