28.8 Configuring ulimit Settings for an Oracle Linux Container

A container honors the ulimit settings, such as memlock and nofile, in its own copy of /etc/security/limits.conf, provided that these values are lower than or equal to the values on the host system.

The values of memlock and nofile determine, respectively, the maximum amount of address space in kilobytes that a user process can lock into memory and the maximum number of file descriptors that a user process can have open at the same time.

If you require a higher ulimit value for a container, increase the value of the settings in /etc/security/limits.conf on the host, for example:

#<domain>      <type>  <item>         <value>
*              soft    memlock       1048576
*              hard    memlock       2097152
*              soft    nofile        5120
*              hard    nofile        10240
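
The rule that a container's values must be lower than or equal to the host's can be checked before the container is started. The following script is an added example, not part of the original documentation: the function names and the container sample values are constructed, and the two limits.conf paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: flag container limits.conf entries that exceed the host's.

# limit_value FILE TYPE ITEM: print the value of the last "*" entry that matches.
limit_value() {
    awk -v t="$2" -v i="$3" '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and malformed lines
        $1 == "*" && $2 == t && $3 == i { v = $4 }
        END { if (v != "") print v }' "$1"
}

# exceeds CTR HOST: succeed if the container value is higher than the host value.
exceeds() {
    case "$2" in unlimited|infinity|-1) return 1 ;; esac   # host sets no cap
    case "$1" in unlimited|infinity|-1) return 0 ;; esac   # container asks for no cap
    [ "$1" -gt "$2" ]
}

# check_container_limits HOST_CONF CTR_CONF: report each entry, return 1 on any excess.
check_container_limits() {
    rc=0
    for item in memlock nofile; do
        for type in soft hard; do
            c=$(limit_value "$2" "$type" "$item")
            h=$(limit_value "$1" "$type" "$item")
            [ -n "$c" ] || continue        # container does not set this entry
            if [ -z "$h" ]; then
                echo "NOHOST $type $item container=$c"
            elif exceeds "$c" "$h"; then
                echo "EXCEEDS $type $item container=$c host=$h"; rc=1
            else
                echo "OK $type $item container=$c host=$h"
            fi
        done
    done
    return $rc
}

# Constructed sample files: host values from the example above, container values invented.
tmp=$(mktemp -d)
printf '%s\n' '#<domain> <type> <item> <value>' \
    '* soft memlock 1048576' '* hard memlock 2097152' \
    '* soft nofile 5120' '* hard nofile 10240' > "$tmp/host.conf"
printf '%s\n' '* soft nofile 4096' '* hard nofile 20480' \
    '* hard memlock unlimited' > "$tmp/ctr.conf"
check_container_limits "$tmp/host.conf" "$tmp/ctr.conf" || echo "container limits need review"
```

Only wildcard (*) domain entries are compared; per-user and per-group entries are ignored by this check.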

A process can use the ulimit built-in shell command or the setrlimit() system call to raise the current limit for a shell above the soft limit. However, the new value cannot exceed the hard limit unless the process is owned by root.

You can use ulimit to set or display the current soft and hard values on the host or from inside the container, for example:

[root@host ~]# echo "host: nofile = $(ulimit -n)"
host: nofile = 1024
[root@host ~]# echo "host: nofile = $(ulimit -H -n)"
host: nofile = 4096
[root@host ~]# ulimit -n 2048
[root@host ~]# echo "host: nofile = $(ulimit -n)"
host: nofile = 2048
[root@host ~]# lxc-attach -n ol6ctr1 -- /bin/sh -c 'echo "container: nofile = $(ulimit -n)"'
container: nofile = 1024

Log out and log in again or, if possible, reboot the host before starting the container in a shell that uses the new soft and hard values for ulimit.