Open in app

Sign in

Write

Sign in

How to change ulimit for docker container

Rishi Jain
2 min readAug 17, 2020

In a certain scenarios, you are required to change the default ulimit. For example, an application fails to start with the below error.

Configuration of maximum open file limit is too low: 1024 (expected at least 32768). Please consult

In Unix systems, you can increase the limit by the following command:

$ ulimit -n 32768

To achieve the same in Docker, there are two options.

1. Set ulimits in container ( — ulimit)

Since setting ulimit settings in a container requires extra privileges not available in the default container, you can set these using the --ulimit flag. --ulimit is specified with a soft and hard limit as such: <type>=<soft limit>[:<hard limit>], for example:

$ docker run --ulimit nofile=32768:32768 --rm debian sh -c "ulimit -n"
32768

Note: If you do not provide a hard limit, the soft limit is used for both values. If no ulimits are set, they are inherited from the default ulimits set on the daemon.

2. With docker in privilege mode

Docker containers are in unprivileged mode by default. You can increase the limit just like a regular Unix system when you run the container with privileged mode. Here is how:

$ docker run --privileged --it <image-tag>
# ulimit -n 
  1024
# ulimit -n 32768
# ulimit -n
 32768

WARNING: Running docker in privilege mode is may not be a very good idea and should be avoided due to security reasons.

I would prefer to use --ulimit flag because it’s better and safer than running the container in privileged mode.

FOR NPROC USAGE

Be careful setting nproc with the ulimit flag as nproc is designed by Linux to set the maximum number of processes available to a user, not to a container. For example, start four containers with daemon user:

$ docker run -d -u daemon --ulimit nproc=3 busybox top$ docker run -d -u daemon --ulimit nproc=3 busybox top$ docker run -d -u daemon --ulimit nproc=3 busybox top$ docker run -d -u daemon --ulimit nproc=3 busybox top

The 4th container fails and reports “[8] System error: resource temporarily unavailable” error. This fails because the caller set nproc=3 resulting in the first three containers using up the three processes quota set for the daemon user.

Please let me know in comment secretion what all weird issues you got around docker ulimit and how you resolve that.

Docker
DevOps
Education
Linux
Troubleshooting

--

--

Rishi Jain

Written by Rishi Jain

75 Followers

Software Support Engineer @StreamSets | Hadoop | DataOps | RHCA | Ex-RedHatter | Ex-Cloudera

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams