Foam limits in docker containers do not work

Question

Foam limits in docker containers do not work

I added something in user1 to the user1 container to limit the maximum number of user processes for user1 , but when I run bash in the container under user1 , ulimit -a does not reflect the restrictions that are defined in the file restrictions on letters ( /etc/security/limits.conf ).

How can I make this work?

I also added the session required pam_limits.so to /etc/pam.d/common-session , so no problem.

I am launching a docker container with something like sudo docker run --user=user1 --rm=true <container-name> bash

Also, sudo docker run ... --user=user1 ... cmd does not apply foam limits, but sudo docker run ... --user=root ... su user1 -c 'cmd' does

+6

docker

Markus orreilly Mar 25 '14 at 2:05

source share

1 answer

Vlad · Answer 1 · 2015-06-26T13:36:52+0000

/etc/security/limits.conf is just a file that is read by the PAM framework at boot time. Dock containers are clones of a kernel in a pristine state after its beginning. This means that none of the inherited environment initializations will be applied to the container. You must use the "limit" command to set the process limits.

The best way to do this would be to use restrictions on the use of containers, unfortunately the current version of docker does not support restrictions on the number of processes. It looks like support will appear in version 1.6 when it comes out, as @thaJeztah said.

Foam limits in docker containers do not work

More articles: