Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Units for --ulimit memlock is counter intuitive #5799

Open
cjvolzka opened this issue Feb 5, 2025 · 0 comments
Open

Units for --ulimit memlock is counter intuitive #5799

cjvolzka opened this issue Feb 5, 2025 · 0 comments
Labels
kind/bug status/0-triage

Comments

@cjvolzka
Copy link

cjvolzka commented Feb 5, 2025

Description

From Linux, the units for memlock are in kb. However docker run --ulimit memlock appears to use bytes. Since I wasn't able to find docker documentation to indicate it uses bytes instead of kb, using this setting was counter intuitive.

Notes:

I have not tried other --ulimit settings that are based on size, but it appears at least a few others use kb in Linux and I'm guessing those may also be affected by this.

Reproduce

Using 4096 I expect to get 4096k but in the container, limits -a shows 4k for "max locked memory"

docker run --rm -it --ulimit memlock=4096 ubuntu
root@d1290e92e5f8:/# ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) unlimited
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 29730
max locked memory           (kbytes, -l) 4
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1073741816
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) unlimited
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

I attempted adding a unit to the call like --ulimit memlock=4096kb or --ulimit memlock=4096k but that immediately fails:

docker run --rm -it --ulimit memlock=4096kb ubuntu
invalid argument "memlock=4096kb" for "--ulimit" flag: strconv.ParseInt: parsing "4096kb": invalid syntax
See 'docker run --help'.

Expected behavior

One of:

  • Use kb as the units instead of bytes
  • Support (or require) specifying units so users can be explicit
  • Document that --ulimit uses bytes instead of kb

docker version

Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Fri Jul 26 06:15:46 2024
 OS/Arch:           linux/s390x
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Fri Jul 26 06:45:34 2024
  OS/Arch:          linux/s390x
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 5
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Authorization: <*******>
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  userns
  cgroupns
 Kernel Version: 5.14.0-427.40.1.el9.zfpc10.8.s390x
 Operating System: Linux
 OSType: linux
 Architecture: s390x
 CPUs: 2
 Total Memory: 7.314GiB
 Name: <*******>
 ID: a86f1633-c963-41d2-963a-76590c1ab455
 Docker Root Dir: /media/data/docker/24000.109
 Debug Mode: false
 Username: <********>
 Labels:
  platform=zOS
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Limits.conf doc pages showing memlock as kb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cjvolzka