
This is something I've struggled to find anything more than anecdotal answers for and I'd really like to find some solid information on this.

This is my situation (I'll be focusing on the no_file limit as it's of principal interest to me):

  • I have a container.
  • Swarm is not being used
  • I can use docker inspect on it and see that "Ulimits": null.
  • I use a compose file
  • Host and container are running Linux (Ubuntu)
  • I do not set ulimits via args to docker
  • I do not set ulimits in the compose file
  • I do not set limits via resources in the compose file
  • On the host I can see that all of /etc/default/docker is commented out
  • On the host I start docker with systemd which seems to ignore /etc/default/docker anyway
  • On the host there is no --config-file option being passed to dockerd
  • On the host there is no /etc/docker/daemon.json file (these last 2 being relevant due to this)
  • On the host ulimit -Hn gives 1048576
  • In the container ulimit -Hn gives 1048576
  • In the container /etc/sysctl.conf is commented out (And is ignored by docker containers anyway iirc)
  • In the container /etc/sysctl.d is an empty directory
  • In the container /etc/security/limits.conf is commented out (And is ignored by docker containers anyway iirc)
  • In the container /etc/security/limits.d is an empty directory

I'm aware (from answers like this one) that the host values do impact the container, but not what takes preference.

The best leads I've found are as follows:

What then muddies the water is that /lib/systemd/system/docker.service has a line in the [Service] section that reads LimitNOFILE=1048576. So then I'm not sure if this is setting a hard limit on the docker daemon pid (à la ulimits) and, if so, whether this takes precedence over the host's established limits (one would assume so, right?).

There is an extent to which it "doesn't matter" in that as long as I have the number in the range I need it should be fine. However I'd really like to be able to understand the actual behaviour here, and know if there is any official information on what the behavior is (or should be).

Thank you.

Baggers
  • Unrelated but I'll link it here as it's not well documented either: [ulimits seemingly configurable via docker](https://github.com/docker/go-units/blob/f2145db703495b2e525c59662db69a7344b00bb8/ulimit.go#L46-L62) – Baggers Feb 19 '20 at 09:02
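
One way to observe which values are actually in effect, rather than inferring them from configuration files, is to compare the unit file's LimitNOFILE with the "Max open files" row of /proc/<pid>/limits for the daemon and for the container's main process. The following is an added example, not part of the original question; the sample inputs are constructed, the function names are hypothetical, and systemd drop-in overrides are not considered.

```python
import re

# Constructed sample in the layout of /proc/<pid>/limits.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1048576              1048576              files
Max locked memory         65536                65536                bytes
"""

# Constructed sample of a systemd unit file.
SAMPLE_UNIT = """\
[Unit]
Description=constructed sample
[Service]
# LimitNOFILE=1024
LimitNOFILE=1048576
"""

def _num(tok):
    """Convert a limit token to int; None stands for unlimited/infinity."""
    return None if tok in ("unlimited", "infinity") else int(tok)

def parse_proc_limits(text):
    """Return {limit name: (soft, hard)} from /proc/<pid>/limits text."""
    out = {}
    for line in text.splitlines()[1:]:          # skip the header row
        m = re.match(r"(.+?)\s{2,}(\S+)\s+(\S+)", line)
        if m:
            out[m.group(1)] = (_num(m.group(2)), _num(m.group(3)))
    return out

def parse_unit_nofile(text):
    """Return (soft, hard) from the last LimitNOFILE= in [Service], else None."""
    section, found = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("["):
            section = line
        elif section == "[Service]" and line.startswith("LimitNOFILE="):
            val = line.split("=", 1)[1].strip()
            if val:                             # empty assignment skipped (assumption)
                soft, _, hard = val.partition(":")   # "soft:hard" or one value
                found = (_num(soft), _num(hard or soft))
    return found

def compare(unit_text, daemon_limits, container_limits, row="Max open files"):
    """Collect the three views of the limit side by side."""
    return {"unit": parse_unit_nofile(unit_text),
            "daemon": parse_proc_limits(daemon_limits).get(row),
            "container": parse_proc_limits(container_limits).get(row)}

if __name__ == "__main__":
    print(compare(SAMPLE_UNIT, SAMPLE_LIMITS, SAMPLE_LIMITS))
```

On a real host the inputs would be the contents of /lib/systemd/system/docker.service, /proc/<dockerd pid>/limits, and /proc/<pid>/limits for the PID reported by `docker inspect --format '{{.State.Pid}}' <container>`.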

0 Answers