diff --git a/containerd.spec b/containerd.spec
index 8ee127349b6d4b7bb2698eb219d8af84744a0edf..7fa42954271a32f0a6a66280a1c27d23aa8b271d 100644
--- a/containerd.spec
+++ b/containerd.spec
@@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version: 1.6.22
 Name: containerd
-Release: 21
+Release: 22
 Summary: An industry-standard container runtime
 License: ASL 2.0
 URL: https://containerd.io
@@ -68,6 +68,12 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml
 %exclude %{_bindir}/containerd-stress
 %changelog
+* Fri Aug 08 2025 Yu Peng - 1.6.22-22
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix: Remove `LimitNOFILE` from `containerd.service`
+
 * Wed Jul 23 2025 dongyuzhen - 1.6.22-21
 - Type:bugfix
 - ID:NA
diff --git a/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch b/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
new file mode 100644
index 0000000000000000000000000000000000000000..87db97c2740853db84e33af325d7724e5aa66100
--- /dev/null
+++ b/patch/0045-containerd-remove-limitnofile-from-containerd-service.patch
@@ -0,0 +1,35 @@
+commit 3ca39ef01608fdd44245c0173bf071682b3bfe3c
+Author: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
+Date: Mon Aug 7 12:47:16 2023 +1200
+
+ fix: Remove `LimitNOFILE` from `containerd.service`
+
+
+
+ Remove `LimitNOFILE` from `containerd.service` to rely on the systemd v240 implicit default of `1024:524288`. On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`.
+
+ - `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process.
+ - `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low).
+ - The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion).
+ - When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot.
+
+ Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
+
+diff --git a/containerd.service b/containerd.service
+index 38a345945..cf7c6efed 100644
+--- a/containerd.service
++++ b/containerd.service
+@@ -28,11 +28,12 @@ Delegate=yes
+ KillMode=process
+ Restart=always
+ RestartSec=5
++
+ # Having non-zero Limit*s causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+ LimitNPROC=infinity
+ LimitCORE=infinity
+-LimitNOFILE=infinity
++
+ # Comment TasksMax if your systemd version does not supports it.
+ # Only systemd 226 and above support this version.
+ TasksMax=infinity
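Review bot: Removing `LimitNOFILE=infinity` without a replacement makes the daemon's open-file limit depend on the systemd version of the target, and nothing in this packaging change pins or checks that version. The embedded commit message says packagers on systemd older than v240 are expected to carry an explicit `LimitNOFILE=1024:524288`, because the hard limit otherwise falls back to the kernel default of 4096; if any release this package is built for is in that range, the unit line should be replaced with that value rather than dropped. Containers presumably inherit the daemon's limits, so a workload that relied on the old unlimited value and never raises its own soft limit could begin failing on descriptor exhaustion after a routine update, which the `Type:bugfix` changelog entry does not warn about. The effective values can be confirmed after upgrade with `systemctl show containerd -p LimitNOFILE -p LimitNOFILESoft`. The `[Service]` section of the unit starts above the inner hunk.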
diff --git a/series.conf b/series.conf
index 178a7d990c0860a3a761b31439bea1cd9ecfe0a6..b83cf21fd50913323fe1e35dd4bf07b2eb8fd33c 100644
--- a/series.conf
+++ b/series.conf
@@ -41,3 +41,4 @@ patch/0041-containerd-do-not-report-error-log-when-skip-otlp-pl.patch
 patch/0042-containerd-execute-delayKill-when-fd-is-exhausted.patch
 patch/0043-containerd-delete-task-asynchronously-to-avoid-conta.patch
 patch/0044-containerd-fix-dead-loop.patch
+patch/0045-containerd-remove-limitnofile-from-containerd-service.patch