beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/contrib
History
Brennan Kinney c8930105bc fix: Normalize RLIMIT_NOFILE to sensible defaults 
During review, it was decided to remove `LimitNOFILE` from `docker.service` to rely on the systemd v240 implicit default of `1024:524288`. On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`.

- `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process.
- `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low). Individual containers can be started with `--ulimit` when a larger hard limit is required.
- The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion).
- When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot.
- OpenRC current config approach lacks support for different soft/hard limits being set as it adjusts additional limits and `ulimit` does not support mixed usage of `-H` + `-S`. A soft limit of `524288` is not ideal, but 2^19 is much less overhead than 2^30, whilst a hard limit of 4096 would be problematic for Docker.

Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-07 12:37:14 +12:00
..
apparmor contrib/apparmor: remove remaining version-conditionals (< 2.9) from template 2023-05-08 13:17:59 +02:00
busybox contrib/busybox: Update to FRP-5007-g82accfc19 2023-06-21 14:15:05 +02:00
gitdm run shfmt 2020-03-03 12:27:49 +09:00
httpserver linting: gosec: fix or suppress G112, G114 in test code 2022-09-04 15:36:51 +02:00
init fix: Normalize RLIMIT_NOFILE to sensible defaults 2023-08-07 12:37:14 +12:00
nnp-test Dockerfile: frozen images: update to bullseye, remove buildpack-dep 2021-08-20 18:23:06 +02:00
syntax Remove vim syntax files 2020-01-14 13:01:18 -04:00
syscall-test Dockerfile: frozen images: update to bullseye, remove buildpack-dep 2021-08-20 18:23:06 +02:00
udev Add udev rules files for hiding the docker loopback devices from udisks 2013-12-02 09:11:06 -07:00
check-config.sh contrib/check-config: move xt_bpf check to overlay section 2023-06-05 08:11:05 -06:00
dockerd-rootless-setuptool.sh Merge pull request #44395 from jmrouet/master 2023-05-12 09:39:29 -06:00
dockerd-rootless.sh Fix argument quoting bugs in dockerd-rootless.sh 2023-04-13 16:35:09 +02:00
dockerize-disk.sh contrib/dockerize-disk.sh: Fix indentation 2023-03-07 15:46:48 +01:00
download-frozen-image-v2.sh Dockerfile: variant support in frozen-images stage 2022-11-17 20:57:12 +01:00
editorconfig added editorconfig 2016-10-20 22:18:16 -02:00
mac-install-bundle.sh run shfmt 2020-03-03 12:27:49 +09:00
mkimage-alpine.sh run shfmt 2020-03-03 12:27:49 +09:00
mkimage-arch-pacman.conf mkimage-arch: provide and use own pacman.conf 2014-01-21 14:22:56 +01:00
mkimage-arch.sh run shfmt 2020-03-03 12:27:49 +09:00
mkimage-archarm-pacman.conf Fixed arm arch image maker to support arm versions other than 7 2016-07-10 18:46:35 -07:00
mkimage-crux.sh run shfmt 2020-03-03 12:27:49 +09:00
mkimage-pld.sh add script to make base image for PLD Linux 2016-05-31 09:20:51 +03:00
mkimage-yum.sh all: fix typos 2022-03-01 14:26:35 +08:00
nuke-graph-directory.sh Update contrib/nuke-graph-directory.sh 2021-04-09 10:05:35 +10:00
README.md Add .md extension to readme for markdown rendering 2016-02-24 20:39:46 +00:00

README.md

The contrib directory contains scripts, images, and other helpful things which are not part of the core docker distribution. Please note that they could be out of date, since they do not receive the same attention as the rest of the repository.