From 3b4358f7dd58d6c54a1197dc692444d5dbd67c80 Mon Sep 17 00:00:00 2001
From: roy
Date: Fri, 8 Aug 2025 17:41:18 +0800
Subject: [PATCH] fix: Remove `LimitNOFILE` from `containerd.service`
(cherry picked from commit 1c0bdd8d602bdf332682f8f31c4d5b6783104594)
---
 containerd.spec | 8 ++++-
 ...-limitnofile-from-containerd-service.patch | 35 +++++++++++++++++++
 series.conf | 1 +
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
diff --git a/containerd.spec b/containerd.spec
index 8ee1273..7fa4295 100644
--- a/containerd.spec
+++ b/containerd.spec
@@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version: 1.6.22
 Name: containerd
-Release: 21
+Release: 22
 Summary: An industry-standard container runtime
 License: ASL 2.0
 URL: https://containerd.io
@@ -68,6 +68,12 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml
 %exclude %{_bindir}/containerd-stress
 %changelog
+* Fri Aug 08 2025 Yu Peng - 1.6.22-22
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix: Remove `LimitNOFILE` from `containerd.service`
+
 * Wed Jul 23 2025 dongyuzhen - 1.6.22-21
 - Type:bugfix
 - ID:NA
diff --git a/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch b/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
new file mode 100644
index 0000000..87db97c
--- /dev/null
+++ b/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
@@ -0,0 +1,35 @@
+commit 3ca39ef01608fdd44245c0173bf071682b3bfe3c
+Author: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
+Date: Mon Aug 7 12:47:16 2023 +1200
+
+ fix: Remove `LimitNOFILE` from `containerd.service`
+
+
+
+ Remove `LimitNOFILE` from `containerd.service` to rely on the systemd v240 implicit default of `1024:524288`. On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`.
+
+ - `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process.
+ - `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low).
+ - The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion).
+ - When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot.
+
+ Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
+
+diff --git a/containerd.service b/containerd.service
+index 38a345945..cf7c6efed 100644
+--- a/containerd.service
++++ b/containerd.service
+@@ -28,11 +28,12 @@ Delegate=yes
+ KillMode=process
+ Restart=always
+ RestartSec=5
++
+ # Having non-zero Limit*s causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+ LimitNPROC=infinity
+ LimitCORE=infinity
+-LimitNOFILE=infinity
++
+ # Comment TasksMax if your systemd version does not supports it.
+ # Only systemd 226 and above support this version.
+ TasksMax=infinity
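Review bot: Nothing in the unit file or in the spec changes visible here records or enforces the systemd v240 requirement that the removal of `LimitNOFILE=infinity` now depends on, although the upstream message carried in this patch says packagers on older systemd must add an explicit `LimitNOFILE=1024:524288`. If the target release can ship a systemd older than v240, the daemon would presumably fall back to the kernel's 4096 hard limit that the message calls too low, which is an availability risk for a runtime holding many descriptors. I would leave a comment where the line was removed, e.g. `# LimitNOFILE intentionally unset: relies on the systemd >= v240 default of 1024:524288; set it explicitly on older systemd`. The soft limit also drops from unlimited to 1024 for containerd and, presumably, for workloads that inherit its limits, so the `%changelog` entry should call that out as a behaviour change rather than a plain bugfix. The `[Service]` section this inner hunk edits starts outside the hunk.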
diff --git a/series.conf b/series.conf
index 178a7d9..b83cf21 100644
--- a/series.conf
+++ b/series.conf
@@ -41,3 +41,4 @@ patch/0041-containerd-do-not-report-error-log-when-skip-otlp-pl.patch
 patch/0042-containerd-execute-delayKill-when-fd-is-exhausted.patch
 patch/0043-containerd-delete-task-asynchronously-to-avoid-conta.patch
 patch/0044-containerd-fix-dead-loop.patch
+patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
-- Gitee