Podman: Podman default ulimit is too low 1024

Created on 5 May 2020  路  11Comments  路  Source: containers/podman

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Steps to reproduce the issue:

  1. Start a basic container like fedora podman run -it centos sh

  2. Check the file system limits cat /proc/self/limits | grep open

Describe the results you received:

The value I see is only 1024, and that's the reason why a good number of container that I use fails or on boot or on build all with the "same" error: Open files limit reached

Describe the results you expected:

I think by default it should have a larger limit, or a way to globally configure the default limit

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.9.1
RemoteAPI Version:  1
Go Version:         go1.14.2
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  gitCommit: ""
  goVersion: go1.14.2
  podmanVersion: 1.9.1
host:
  arch: amd64
  buildahVersion: 1.14.8
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.15-1.fc32.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.15, commit: 33da5ef83bf2abc7965fc37980a49d02fdb71826'
  cpus: 8
  distribution:
    distribution: fedora
    version: "32"
  eventLogger: file
  hostname: thinkpad.b1zzu.club
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.6.8-300.fc32.x86_64
  memFree: 13843738624
  memTotal: 25086222336
  ociRuntime:
    name: runc
    package: containerd.io-1.2.13-3.1.fc31.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc10
      commit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
      spec: 1.0.1-dev
  os: linux
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.0.0-1.fc32.x86_64
    version: |-
      slirp4netns version 1.0.0
      commit: a3be729152a33e692cd28b52f664defbf2e7810a
      libslirp: 4.2.0
  swapFree: 12616462336
  swapTotal: 12616462336
  uptime: 33m 36.41s
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/b1zzu/.config/containers/storage.conf
  containerStore:
    number: 57
    paused: 0
    running: 0
    stopped: 57
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.0.0-1.fc32.x86_64
      Version: |-
        fusermount3 version: 3.9.1
        fuse-overlayfs: version 1.0.0
        FUSE library version 3.9.1
        using FUSE kernel interface version 7.31
  graphRoot: /home/b1zzu/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 110
  runRoot: /run/user/1000/containers
  volumePath: /home/b1zzu/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.9.1-1.fc32.x86_64

Additional environment details (AWS, VirtualBox, physical, etc.):

Physical laptop ( Lenovo T480s )

kinbug
Source
picture b1zzu

All 11 comments

@rhatdan I think we fixed this one in master, but I don't see a backport in the v1.9 branch - any idea what happened?

mheon picture mheon on 5 May 2020

If I use the option --ulimit=host than the container will start with the same limit as my user

podman run --ulimit=host -it fedora bash

is there a way to set the --ulimit option globally?

b1zzu picture b1zzu on 5 May 2020

It may be in containers.conf

mheon picture mheon on 5 May 2020

@mheon can you point me out to documentation, can't find anything for containers.conf

Update:
founded man containers.conf

b1zzu picture b1zzu on 5 May 2020

Ah, you're still on F31; we started shipping one (/usr/share/containers/containers.conf AFAIK) in F32.

A default containers.conf can be found at https://github.com/containers/common/blob/master/pkg/config/containers.conf

mheon picture mheon on 5 May 2020

And in case the man page for the latest containers.conf is useful: https://github.com/containers/common/blob/master/docs/containers.conf.5.md

TomSweeneyRedHat picture TomSweeneyRedHat on 5 May 2020

@mheon I'm on Fedora 32, and I found it, I've set the ulimit in /etc/containers/containers.conf and it works as expected

[containers]

# A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example:
# "nofile=1024:2048"
# See setrlimit(2) for a list of resource names.
# Any limit not specified here will be inherited from the process launching the
# container engine.
# Ulimits has limits for non privileged container engines.
#
default_ulimits = [
 "nofile=65535:65535",
]

Thanks :)

b1zzu picture b1zzu on 5 May 2020
🚀1

I'm going to leave this open because we should be doing this by default, but I think the patch got lost somewhere and didn't make it into the 1.9 release

mheon picture mheon on 5 May 2020
👍1

https://github.com/containers/libpod/pull/6004

rhatdan picture rhatdan on 5 May 2020

Podman 1.9
podman run alpine grep open /proc/self/limits
Max open files 1024 1024 files

podman 2.0
./bin/podman run alpine grep open /proc/self/limits
Max open files 1024 524288 files

rhatdan picture rhatdan on 5 May 2020

Fixed, closing

mheon picture mheon on 2 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

juansuerogit picture juansuerogit  路  51Comments
avikivity picture avikivity  路  92Comments
faulesocke picture faulesocke  路  65Comments
alitvak69 picture alitvak69  路  50Comments
cevich picture cevich  路  69Comments