git.ipfire.org Git - thirdparty/systemd.git/commit - man/systemd.nspawn.xml
author Lennart Poettering <lennart@poettering.net>
Mon, 7 May 2018 15:59:18 +0000 (17:59 +0200)
committer Lennart Poettering <lennart@poettering.net>
Thu, 17 May 2018 18:45:54 +0000 (20:45 +0200)
commit bf428efb0776d45f12ac81dc67463663f92b552f
tree d3dbc31539bde61175285ec65b2283e33b88dccf
parent 114c55f2d52808c8c3027d3cf4f7e3453f0a28d6
nspawn: add new --rlimit= switch, and always set resource limits explicitly for our container payloads

This ensures we set the various resource limits of our container
explicitly on each invocation so that we inherit less from our callers
into the payload.

By default resource limits are now set to the same values Linux
generally passes to the host PID 1, thus minimizing needless differences
between host and container environments.

The limits are now also configurable using a new --rlimit= switch. This
is preparation for teaching nspawn native OCI runtime support as OCI
permits setting resource limits for container payloads, and it hence
probably makes sense if we do too.
man/systemd-nspawn.xml
man/systemd.nspawn.xml
src/nspawn/nspawn-gperf.gperf
src/nspawn/nspawn-settings.c
src/nspawn/nspawn-settings.h
src/nspawn/nspawn.c