Reputation: 887
Limit number of open files in a Container
We are trying to limit the total number of open files for an entire container. Limit on the open fds in host is done by using ulimit. From what we know docker container runs as a process on the host OS and hence we should be able to limit the total number of open files for each docker container using ulimit.
But we are able to cross the total number of open files within a container[the ulimit value on the host].
Does docker have a well defined mechanism to restrict the number of open files per container?
Upvotes: 2
Views: 6492
Answers (2)
Reputation: 21
--ulimit will limit the number of open file descriptors per process. Each child process within the container will get the same ulimit as the parent. A hacker could still cause havoc by writing a function that spawns multiple child processes and have each child process use up file descriptors. In other words, there is nothing available that would limit the total number of file descriptors for the process and all its children. This is what would be useful.
Upvotes: 0
Reputation: 29137
Ulimits are namespaced, so not automatically inherited from the host. You can specify ulimits for a container, using the --ulimit flag on docker run and docker create. For more information see the Set ulimits in a container section of the documentation;
Upvotes: 8
Related Questions
- Copying files from Docker container to host
- How to copy files from host to Docker container?
- How do I mount a host directory as a volume in docker compose
- Java using much more memory than heap size (or size correctly Docker memory limit)
- How to include files outside of Docker's build context?
- Forward host port to docker container
- Run a Docker image as a container
- How to mount a host directory in a Docker container