How to change ulimit for docker container
In certain scenarios, you are required to change the default ulimit. For example, an application fails to start with the error below.
Configuration of maximum open file limit is too low: 1024 (expected at least 32768). Please consult
On Unix systems, you can increase the limit with the following command:
$ ulimit -n 32768
To achieve the same in Docker, there are two options.
1. Set ulimits in container (--ulimit)
Since setting ulimit settings in a container requires extra privileges not available in the default container, you can set these using the --ulimit flag. --ulimit is specified with a soft and hard limit as such: <type>=<soft limit>[:<hard limit>], for example:
$ docker run --ulimit nofile=32768:32768 --rm debian sh -c "ulimit -n"
32768
Note: If you do not provide a hard limit, the soft limit is used for both values. If no ulimits are set, they are inherited from the default ulimits set on the daemon.
2. With docker in privileged mode
Docker containers are in unprivileged mode by default. You can increase the limit just like on a regular Unix system when you run the container in privileged mode. Here is how:
$ docker run --privileged -it <image-tag>
# ulimit -n
1024
# ulimit -n 32768
# ulimit -n
32768
WARNING: Running docker in privileged mode may not be a very good idea and should be avoided for security reasons.
I would prefer to use the --ulimit flag because it’s better and safer than running the container in privileged mode.
FOR NPROC USAGE
Be careful setting nproc with the ulimit flag as nproc is designed by Linux to set the maximum number of processes available to a user, not to a container. For example, start four containers with daemon user:
$ docker run -d -u daemon --ulimit nproc=3 busybox top
$ docker run -d -u daemon --ulimit nproc=3 busybox top
$ docker run -d -u daemon --ulimit nproc=3 busybox top
$ docker run -d -u daemon --ulimit nproc=3 busybox top
The 4th container fails and reports a “[8] System error: resource temporarily unavailable” error. This fails because the caller set nproc=3, resulting in the first three containers using up the three-process quota set for the daemon user.
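An added example (not from the original post) that audits `docker inspect` output for the two pitfalls described above: containers started with --privileged, and nproc limits shared by containers that run as the same user. The sample JSON is constructed, and the function name `audit` and the grouping by the `Config.User` string are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect <id>...` output,
# trimmed to the fields this check reads.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/app", "Config": {"User": ""},
  "HostConfig": {"Privileged": false,
                 "Ulimits": [{"Name": "nofile", "Soft": 32768, "Hard": 32768}]}},
 {"Name": "/legacy", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "Ulimits": null}},
 {"Name": "/top1", "Config": {"User": "daemon"},
  "HostConfig": {"Privileged": false,
                 "Ulimits": [{"Name": "nproc", "Soft": 3, "Hard": 3}]}},
 {"Name": "/top2", "Config": {"User": "daemon"},
  "HostConfig": {"Privileged": false,
                 "Ulimits": [{"Name": "nproc", "Soft": 3, "Hard": 3}]}}
]
""")


def audit(containers):
    """Return a list of (container_name, finding) tuples."""
    findings = []
    nproc_by_user = defaultdict(list)  # user string -> [(name, soft limit)]
    for c in containers:
        name = c["Name"].lstrip("/")
        host = c.get("HostConfig", {})
        if host.get("Privileged"):
            findings.append((name, "runs with --privileged; use --ulimit instead"))
        for u in host.get("Ulimits") or []:  # null when no --ulimit was given
            if u["Name"] == "nproc":
                # Assumption: group by the User string as written in the config.
                user = c.get("Config", {}).get("User") or "(default)"
                nproc_by_user[user].append((name, u["Soft"]))
    # nproc is counted per user, so containers sharing a user share the quota.
    for user, entries in nproc_by_user.items():
        if len(entries) > 1:
            peers = ", ".join(n for n, _ in entries)
            for name, soft in entries:
                findings.append(
                    (name, f"nproc={soft} is shared by user '{user}' across: {peers}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a live host, feed it the parsed output of `docker inspect $(docker ps -q)` in place of the sample.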
Please let me know in the comments section what weird issues you got around docker ulimit and how you resolved them.