knast icon indicating copy to clipboard operation
knast copied to clipboard

Published 20 hours ago verified publisher icon akhramov

rlimits support

Open akhramov opened this issue 3 years ago • 0 comments

Quoting runtime-spec

For systems that support POSIX rlimits (for example Linux and Solaris), the process object supports the following process-specific properties...

FreeBSD definitely supports rlimits, see getrlimit(2). According to rctl(8), it's possible to set rlimits on a jail base, e.g. following will limit the amount of memory jail knast can allocate to 1g.

rctl -a jail:knast:vmemoryuse:deny=1g

The scope of this task

  • write bindings to programmatically mimic the behavior of rctl(8)
  • support runtime config's process.limits option
  • figure out the sane defaults. E.g. podman generates runtime spec like this 
    {
  "type": "RLIMIT_NOFILE",
  "hard": 524288,
  "soft": 524288
},
{
  "type": "RLIMIT_NPROC",
  "hard": 32768,
  "soft": 32768
}
  • Contribute these defaults to containerd

akhramov avatar May 23 '21 18:05 akhramov