nspawn: Copy RLIMIT_CORE and RLIMIT_NOFILE in non-booted nspawn containers

author Daan De Meyer <daan.j.demeyer@gmail.com>

Wed, 13 Oct 2021 10:18:41 +0000 (11:18 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 13 Oct 2021 20:41:08 +0000 (22:41 +0200)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Wed, 13 Oct 2021 10:18:41 +0000 (11:18 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 13 Oct 2021 20:41:08 +0000 (22:41 +0200)
diff --git a/mkosi/__init__.py b/mkosi/__init__.py

index 4c67020150fa19fd5147460ddd8750ef04fa719e..308218c5f51614fad04109c63ca7a20fc7d87261 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -78,6 +78,7 @@ from .backend import (
      die,
      install_grub,
      nspawn_params_for_blockdev_access,
+    nspawn_rlimit_params,
      patch_file,
      path_relative_to_cwd,
      run,
@@ -6841,6 +6842,7 @@ def run_build_script(args: CommandLineArguments, root: Path, raw: Optional[Binar
              f"--setenv=WITH_TESTS={one_zero(args.with_tests)}",
              f"--setenv=WITH_NETWORK={with_network}",
              "--setenv=DESTDIR=/root/dest",
+            *nspawn_rlimit_params(),
          ]
  
          cmdline.extend(f"--setenv={env}" for env in args.environment)
@@ -7115,6 +7117,8 @@ def run_shell(args: CommandLineArguments) -> None:
  
      if args.verb == "boot":
          cmdline += ["--boot"]
+    else:
+        cmdline += nspawn_rlimit_params()
  
      if is_generated_root(args) or args.verity:
          cmdline += ["--volatile=overlay"]
diff --git a/mkosi/backend.py b/mkosi/backend.py

index 372cb7cacbba8601455a04647afd6900d44160b1..8246e496b6244d1634eb435ecec05253d28354a4 100644 (file)
--- a/mkosi/backend.py
+++ b/mkosi/backend.py
@@ -8,6 +8,7 @@ import dataclasses
  import enum
  import math
  import os
+import resource
  import shlex
  import shutil
  import signal
@@ -547,6 +548,20 @@ def nspawn_params_for_blockdev_access(args: CommandLineArguments, loopdev: Path)
      return params
  
  
+def format_rlimit(rlimit: int) -> str:
+        limits = resource.getrlimit(rlimit)
+        soft = "infinity" if limits[0] == resource.RLIM_INFINITY else str(limits[0])
+        hard = "infinity" if limits[1] == resource.RLIM_INFINITY else str(limits[1])
+        return f"{soft}:{hard}"
+
+
+def nspawn_rlimit_params() -> Sequence[str]:
+    return [
+        f"--rlimit=RLIMIT_CORE={format_rlimit(resource.RLIMIT_CORE)}",
+        f"--rlimit=RLIMIT_NOFILE={format_rlimit(resource.RLIMIT_NOFILE)}",
+    ]
+
+
  def run_workspace_command(
      args: CommandLineArguments,
      root: Path,
@@ -565,6 +580,7 @@ def run_workspace_command(
          "--register=no",
          f"--bind={var_tmp(root)}:/var/tmp",
          "--setenv=SYSTEMD_OFFLINE=1",
+        *nspawn_rlimit_params(),
      ]
  
      if network:
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Wed, 13 Oct 2021 10:18:41 +0000 (11:18 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 13 Oct 2021 20:41:08 +0000 (22:41 +0200)
mkosi/__init__.py		patch \| blob \| blame \| history
mkosi/backend.py		patch \| blob \| blame \| history