I have systemd running inside a docker container and I'm trying to set the Number of File Descriptors limit for the service. I set the limit on the docker container to 262k, but for some reason the /sbin/init process lowers the limit to 65k. Here's a simple example:

$ sudo docker run --rm --ulimit nofile=262144:262144 --entrypoint grep centos:7.6.1810 files /proc/1/limits
Max open files            262144               262144               files
$ sudo docker run -d --name test --ulimit nofile=26144:26144 --entrypoint /sbin/init centos:7.6.1810 && sudo docker exec test grep files /proc/1/limits && sudo docker rm -f test
cd9bbe479f4a5b5b4e78421bfc8ef968e5abd5d9703b7f1f1975998e65ab0145
Max open files            26144                26144                files
test
$ sudo docker run -d --name test --ulimit nofile=262144:262144 --entrypoint /sbin/init centos:7.6.1810 && sudo docker exec test grep files /proc/1/limits && sudo docker rm -f test
d5d115a0cc07994b9934a809ac567e3f75994f75e56f88740ccc8f08bcb15d1e
Max open files            65536                65536                files     
test

In the first command I'm running a simple grep command, and you can see it gets the 262k limit I set on the container. In the second command I start the /sbin/init process with a 26k limit, which it follows. If I set the limit >65k (3rd command), it is ignored and set to 65k instead.

Since the init process is the parent of all the services and it sets the nofile hard limit to 65k, it is impossible for my service to go beyond 65k (with, for example, the LimitNOFILE= setting on the service). Is there a way to prevent init from setting a lower nofile limit?

EDIT: The 3rd command gives the expected output on my own machine. The output above is from an AWS EC2 instance. Not sure why it's different...

Limon

1 Answer

This works as expected with the centos:7.7.1908 image, so I guess something was fixed in systemd.

Limon
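
A check for the situation described in the question, as an added example that is not part of the original post or answer: it reads the "Max open files" row of a saved /proc/<pid>/limits file and reports whether the limits ended up below what was requested with --ulimit. The function names are hypothetical, and the sample row is the output line from the question's third command.

```shell
#!/bin/sh
# Check whether a process kept the nofile limit passed to `docker run --ulimit`.

# Print "soft hard" from the "Max open files" row of a /proc/<pid>/limits file.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Turn a limit into a comparable integer; "unlimited" ranks above any number.
limit_value() {
    case "$1" in
        unlimited) echo 9223372036854775807 ;;
        ''|*[!0-9]*) return 1 ;;
        *) echo "$1" ;;
    esac
}

# check_nofile LIMITS_FILE WANT_SOFT WANT_HARD
# Returns 0 if both limits are at least the requested values, 1 if either
# was lowered, 2 if the row is missing or cannot be parsed.
check_nofile() {
    row=$(nofile_limits "$1") || { echo "no 'Max open files' row in $1" >&2; return 2; }
    soft=$(limit_value "${row% *}") || return 2
    hard=$(limit_value "${row#* }") || return 2
    if [ "$soft" -lt "$2" ] || [ "$hard" -lt "$3" ]; then
        echo "nofile lowered: ${row% *}:${row#* } (requested $2:$3)"
        return 1
    fi
    echo "nofile ok: ${row% *}:${row#* }"
}

# Row printed by the third command in the question, used as sample input.
sample_row() {
    echo 'Max open files            65536                65536                files'
}

# Usage: script LIMITS_FILE WANT_SOFT WANT_HARD; with no arguments, check the sample.
if [ "$#" -eq 3 ]; then
    check_nofile "$@"
else
    tmp=$(mktemp) && sample_row > "$tmp"
    check_nofile "$tmp" 262144 262144 || echo "exit status $?"
    rm -f "$tmp"
fi
```

To check a running container, save the output of `docker exec test cat /proc/1/limits` to a file and pass that file with the soft and hard values given to --ulimit.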