snippetMinor
Processes in "podman build" have lower file descriptor limit than processes in "podman run", how can I increase this?
Viewed 0 times
thiscanfiledescriptorlowerlimitthanincreasehowprocesses
Problem
I'm running podman 3.4.4 on Ubuntu 22.04 LTS server.
I have been having
Eventually I traced it to this: the limits given to processes in
If I run:
This prints (among other things):
Gee, that's low.
If I become root in my shell and use
So that's what I see in
The command has completely different results at build time and at "run" time.
I did try to modify
Anyway it would be much better to increase this for the build command in general, or at least using an option to it, rather than for every RUN that might need it.
Practically speaking this appears to be behind a build failure I have with a larger Dockerfile, but I've boiled it down to
I have been having
podman build issues that are not reproducible if I do those steps after the container build using podman run.Eventually I traced it to this: the limits given to processes in
podman build are completely different. Here's a sample Dockerfile:FROM node:14-bullseye
WORKDIR /app
RUN echo "clear cache 1"
RUN bash -c 'cat /proc/$/limits'
# Placeholder, not used in this example
CMD bashIf I run:
podman build -t project .This prints (among other things):
Max open files 1024 1024 filesGee, that's low.
If I become root in my shell and use
ulimit -n 131072, then cat /proc/self/limits shows my increased limit in the shell. But if I then bump "Clear cache 1" to "Clear cache 2" in the Dockerfile (this is important) and run the build command, still in that root shell with the increased ulimit, I still get:Max open files 1024 1024 filesSo that's what I see in
podman build. However if I then open a bash shell in a container using the new image using podman run, I get this result:root@ubuntu:/home/ubuntu/opt/cloud/build# podman run -it project bash
root@17961323a1c9:/app# cat /proc/$/limits
Max open files 1048576 1048576 filesThe command has completely different results at build time and at "run" time.
I did try to modify
ulimit inside a RUN statement, but no dice:bash: line 1: ulimit: open files: cannot modify limit: Operation not permitted
Error: error building at STEP "RUN bash -c 'ulimit -n 131072 && cat /proc/$/limAnyway it would be much better to increase this for the build command in general, or at least using an option to it, rather than for every RUN that might need it.
Practically speaking this appears to be behind a build failure I have with a larger Dockerfile, but I've boiled it down to
Solution
The following command works, cobbled together from friendly advice and additional googling based on that input:
The latest releases of
podman build --ulimit=nofile=131072:1048576 [other arguments here]The latest releases of
podman apparently accept --ulimit=host, which is convenient if you want the same policy, but 3.4.4 does not. For 3.4.4, you'll need to know the specific limit name. These are not yet listed in podman documentation, but for the file descriptor limit the proper name is nofiles. This Red Hat article may be helpful with regard to other limit names.Code Snippets
podman build --ulimit=nofile=131072:1048576 [other arguments here]Context
StackExchange DevOps Q#18215, answer score: 2
Revisions (0)
No revisions yet.