Tag Archives: limit

max file limits on boot2docker

Am trying to run apache2 on an ubuntu-flavoured docker container using boot2docker on OSX and I’m hitting a problem:


# service apache2 start
* Starting web server apache2 /usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)
Setting ulimit failed. See README.Debian for more information.

A ulimit -n on the container says 1024 and trying to set it any higher fails. This is because it’s a limit coming from the host (the boot2docker VM).


$ boot2docker ssh
...

$ ulimit -n
1024

We can change this in the boot2docker vm as the physical host (my macbook) has higher limits:


$ boot2docker ssh
...

$ sudo su
$ ulimit -n 8192
$ ulimit -n
8192

ulimit only changes the setting for the current shell and processes started by it, so as soon as you drop back to a regular user the limit is back to 1024:


$ exit
$ ulimit -n
1024

boot2docker uses a stripped down linux flavour based on tinycore. This doesn’t use PAM, so it doesn’t have the /etc/security/limits.conf file which would normally be used to set global limits.

The only solution I could come up with is to add a call to ulimit in the docker init script on the boot2docker machine:


vi /etc/init.d/docker
...

ulimit -n 8192

start() {
DOCKER_DIR=/var/lib/docker
mkdir -p "$DOCKER_DIR"

... etc ...

Then to restart the docker daemon:


sudo /etc/init.d/docker restart

This change is only temporary though. If you want to add it to the boot2docker iso permanently you could always build your own iso: https://github.com/boot2docker/boot2docker/blob/master/doc/BUILD.md
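
To confirm that the restarted daemon, and the containers it starts, actually picked up the new limit, read the "Max open files" row of /proc/<pid>/limits for the process in question. The script below is an added example and not part of the original post; the function names and script name are hypothetical and the sample table is constructed.

```shell
#!/bin/sh
# Added example: read a process's open-file limits from /proc/<pid>/limits.

# Constructed sample of /proc/<pid>/limits content (not captured from a real system).
sample_limits() {
cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             7867                 7867                 processes
Max open files            1024                 1024                 files
Max locked memory         65536                65536                bytes
EOF
}

# nofile_limits FILE -> prints "soft hard" from the "Max open files" row.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 } END { exit !found }' "$1"
}

# can_raise_nofile FILE WANTED -> status 0 if WANTED is within the hard limit,
# i.e. "ulimit -n WANTED" would succeed without extra privileges; 1 otherwise.
can_raise_nofile() {
    limits=$(nofile_limits "$1") || return 2
    hard=${limits#* }
    [ "$hard" = "unlimited" ] && return 0
    [ "$2" -le "$hard" ]
}

# Usage: sh check_nofile.sh PID WANTED   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    if can_raise_nofile "/proc/$1/limits" "$2"; then
        echo "pid $1: ulimit -n $2 is within the hard limit"
    else
        echo "pid $1: ulimit -n $2 not allowed (soft/hard: $(nofile_limits "/proc/$1/limits"))"
    fi
fi
```

Run it against the docker daemon's PID on the boot2docker VM, or against PID 1 inside a container, with the value apache2ctl asks for.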

Group permissions ignored on NFS

I’ve just spent 20 minutes staring at group permissions on a server and banging my head off a desk because my user couldn’t write a file in a particular directory.

I was absolutely *sure* the permissions were right.

Directory was on an NFS share. Turns out that there’s a limit to the number of unix groups that work with NFS (it’s 16). If you’re in more groups than that it ignores them.

There’s a detailed discussion of the problem at http://nfsworld.blogspot.co.uk/2005/03/whats-deal-on-16-group-id-limitation.html.