podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE

If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: https://github.com/containers/libpod/issues/2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-01-10 16:44:40 +01:00 · 2019-01-10 16:44:40 +01:00 · a2c1a2df54
parent 0f6535cf6b
commit a2c1a2df54
2 changed files with 12 additions and 8 deletions
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@ -148,16 +148,20 @@ func main() {
 			logrus.SetLevel(level)
 		}
-		// Only if not rootless, set rlimits for open files.
+		rlimits := new(syscall.Rlimit)
-		// We open numerous FDs for ports opened
+		rlimits.Cur = 1048576
-		if !rootless.IsRootless() {
+		rlimits.Max = 1048576
-			rlimits := new(syscall.Rlimit)
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			rlimits.Cur = 1048576
+			if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			rlimits.Max = 1048576
+				return errors.Wrapf(err, "error getting rlimits")
 			}
 			rlimits.Cur = rlimits.Max
 			if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
 				return errors.Wrapf(err, "error setting new rlimits")
 			}
-		} else {
+		}
 		if rootless.IsRootless() {
 			logrus.Info("running as rootless")
 		}
--- a/libpod/container_easyjson.go
+++ b/libpod/container_easyjson.go
@ -1,6 +1,6 @@
 // +build  seccomp   ostree selinux  varlink exclude_graphdriver_devicemapper
-// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT
+// Code generated by easyjson for marshaling/unmarshaling. DO NOT EDIT.
 package libpod