I need to set the file descriptor limit correctly on the docker container I connect to container with ssh (https://github.com/phusion/baseimage-docker) Already tried: <ul> <li>edit limits.conf the container ignore this file </li> <li>upstart procedure found at https://coderwall.com/p/myodcq but this docker image has different kind of init process. (runit)</li> <li>I tried to modify configuration of pam library in /etc/pam.d</li> <li>try to enabled pam for ssh in sshd_config</li> </ul> The output it always the same. <pre class="prettyprint"><code>bash: ulimit: open files: cannot modify limit: Operation not permitted </code></pre>

The latest docker supports setting ulimits through the command line and the API. For instance, <code>docker run</code> takes <code>--ulimit <type>=<soft>:<hard></code> and there can be as many of these as you like. So, for your nofile, an example would be <code>--ulimit nofile=262144:262144</code>

If using the docker-compose file, Based on docker compose version 2.x We can set like as below, by overriding the default config. <pre class="prettyprint"><code>ulimits: nproc: 65535 nofile: soft: 26677 hard: 46677 </code></pre> https://docs.docker.com/compose/compose-file/compose-file-v3/

After some searching I found this on a Google groups discussion: <blockquote> docker currently inhibits this capability for enhanced safety. </blockquote> That is because the ulimit settings of the host system apply to the docker container. It is regarded as a security risk that programs running in a container can change the ulimit settings for the host. The good news is that you have two different solutions to choose from. <ol> <li>Remove <code>sys_resource</code> from <code>lxc_template.go</code> and recompile docker. Then you'll be able to set the ulimit as high as you like.</li> </ol> or <ol start="2"> <li>Stop the docker demon. Change the ulimit settings on the host. Start the docker demon. It now has your revised limits, and its child processes as well.</li> </ol> I applied the second method: <ol> <li><code>sudo service docker stop;</code></li> <li>changed the limits in /etc/security/limits.conf</li> <li>reboot the machine </li> <li>run my container</li> <li>run <code>ulimit -a</code> in the container to confirm the open files limit has been inherited.</li> </ol> See: https://groups.google.com/forum/#!searchin/docker-user/limits/docker-user/T45Kc9vD804/v8J_N4gLbacJ

how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker

Tags:

docker

ulimit

I need to set the file descriptor limit correctly on the docker container I connect to container with ssh (https://github.com/phusion/baseimage-docker)

Already tried:

edit limits.conf the container ignore this file
upstart procedure found at https://coderwall.com/p/myodcq but this docker image has different kind of init process. (runit)
I tried to modify configuration of pam library in /etc/pam.d
try to enabled pam for ssh in sshd_config

The output it always the same.

bash: ulimit: open files: cannot modify limit: Operation not permitted

624

asked Jun 20 '14 01:06

dnocode

3 Answers

The latest docker supports setting ulimits through the command line and the API. For instance, docker run takes --ulimit <type>=<soft>:<hard> and there can be as many of these as you like. So, for your nofile, an example would be --ulimit nofile=262144:262144

answered Sep 20 '22 21:09

Glenn

If using the docker-compose file, Based on docker compose version 2.x We can set like as below, by overriding the default config.

ulimits:
  nproc: 65535
  nofile:
    soft: 26677
    hard: 46677

https://docs.docker.com/compose/compose-file/compose-file-v3/

answered Sep 21 '22 21:09

MohanBabu

After some searching I found this on a Google groups discussion:

docker currently inhibits this capability for enhanced safety.

That is because the ulimit settings of the host system apply to the docker container. It is regarded as a security risk that programs running in a container can change the ulimit settings for the host.

The good news is that you have two different solutions to choose from.

Remove sys_resource from lxc_template.go and recompile docker. Then you'll be able to set the ulimit as high as you like.

Stop the docker demon. Change the ulimit settings on the host. Start the docker demon. It now has your revised limits, and its child processes as well.

I applied the second method:

sudo service docker stop;
changed the limits in /etc/security/limits.conf
reboot the machine
run my container
run ulimit -a in the container to confirm the open files limit has been inherited.

See: https://groups.google.com/forum/#!searchin/docker-user/limits/docker-user/T45Kc9vD804/v8J_N4gLbacJ

answered Sep 19 '22 21:09

dnocode

Related questions
                            
                                Dockerfile CMD instruction will exit the container just after running it
                            
                                How do you enable BuildKit with docker-compose?
                            
                                Run jar file in docker image
                            
                                multi-stage build in docker compose?
                            
                                What Is The Difference Between Binding Mounts And Volumes While Handling Persistent Data In Docker Containers?
                            
                                multiple app nodes how to expose jmx in kubernetes?
                            
                                'docker ps' output formatting: list only names of running containers
                            
                                Using an IDE while developing on a docker container
                            
                                Docker - What is proper way to rebuild and push updated image to docker cloud?
                            
                                do I need to manually tag "latest" when pushing to docker public repository?
                            
                                Install pip in docker
                            
                                How to prevent docker-compose building the same image multiple times?
                            
                                Use of Supervisor in docker
                            
                                Can't use yum inside Docker container running on CentOS
                            
                                Docker: How to authenticate for docker push?
                            
                                How to stop a docker container which started with `--restart=always`
                            
                                Docker CMD exec-form for multiple command execution
                            
                                Docker - Bash: IP: command not found
                            
                                Port forwarding in docker-machine?
                            
                                What is the default user and password for elasticsearch?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker

Tags:

docker

ulimit

dnocode

People also ask

3 Answers

Glenn

MohanBabu

dnocode

Recent Activity

Donate For Us