0

I have this limits.conf on my virtual machine:

dfyz          soft    nofile            1000000
dfyz          hard    nofile            1000000
* soft core 0
* hard core unlimited
* soft memlock unlimited
* hard memlock unlimited

And I need this in a Docker container. But if I just copy this file to container's /etc/security/limits.conf it doesn't work.

How to set these limits into a Docker container?

andre487
  • 1,261
  • 2
  • 18
  • 27
  • You cannot break out of limit on the host system just by defining other limits within the container. You probably need to grant the container the limits from outside via Docker. These are also supported options in Docker Compose files. – ypnos Jan 23 '23 at 16:34
  • I have wide limits on the host system (limits from the file I showed). But I have more strict limits in the container. How to change limits in the container? – andre487 Jan 23 '23 at 16:36
  • 1
    Both `docker run` and Compose have options to set the container process's ulimits when it runs; [how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker](https://stackoverflow.com/questions/24318543/how-to-set-ulimit-file-descriptor-on-docker-container-the-image-tag-is-phusion) has some examples (ignore the specific image name). Does this help you? – David Maze Jan 23 '23 at 18:51
  • 1
    I guess my comment was not precise enough. What happens on the host system is that for each container a cgroup is created with certain limits. I guess your problem was that these cgroups do not use the same limits as configured for the host system. The Docker options change the cgroup settings. – ypnos Jan 24 '23 at 17:43

1 Answers1

1

According to the answer of David Maze, I used the answer from how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker

docker run --rm -ti --ulimit memlock=100000000000:100000000000 my_image
andre487
  • 1,261
  • 2
  • 18
  • 27