Merge pull request #223 from rajasec/rlimitspec

Adding rlimit in spec
2015-08-28 10:34:59 -07:00 · 2015-08-28 10:34:59 -07:00 · b9c32b3869
parent 1cb571f800 fc97aa44e1
commit b9c32b3869
2 changed files with 26 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -132,7 +132,13 @@ user with uid and gid of `0` defined within that file-system.
    "linux": {
        "uidMapping": null,
        "gidMapping": null,
-        "rlimits": null,
+        "rlimits": [
+           {
+                "type": 7,
+                "hard": 1024,
+                "soft": 1024
+           }
+        ],
        "systemProperties": null,
        "resources": {
            "disableOOMKiller": false,
--- a/spec.go
+++ b/spec.go
@ -114,6 +114,14 @@ var specCommand = cli.Command{
 					"KILL",
 					"NET_BIND_SERVICE",
 				},
+				Rlimits: []specs.Rlimit{
+					{
+						Type: syscall.RLIMIT_NOFILE,
+						Hard: uint64(1024),
+						Soft: uint64(1024),
+					},
+				},
+
 				Devices: []specs.Device{
 					{
 						Type:        'c',
@ -273,6 +281,9 @@ func createLibcontainerConfig(cgroupName string, spec *specs.LinuxSpec) (*config
 	if err := setupUserNamespace(spec, config); err != nil {
 		return nil, err
 	}
+	for _, rlimit := range spec.Linux.Rlimits {
+		config.Rlimits = append(config.Rlimits, createLibContainerRlimit(rlimit))
+	}
 	c, err := createCgroupConfig(cgroupName, spec, config.Devices)
 	if err != nil {
 		return nil, err
@ -419,6 +430,14 @@ func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
 	return nil
 }

+func createLibContainerRlimit(rlimit specs.Rlimit) configs.Rlimit {
+	return configs.Rlimit{
+		Type: int(rlimit.Type),
+		Hard: uint64(rlimit.Hard),
+		Soft: uint64(rlimit.Soft),
+	}
+}
+
 // parseMountOptions parses the string and returns the flags and any mount data that
 // it contains.
 func parseMountOptions(options string) (int, string) {