What Does "Soft/Hard Nofile" Mean on Linux

What does soft/hard nofile mean on Linux

These are: a 'soft' and a 'hard' limit for number of files a process may have opened at a time. Both limit the same resource (no relation to hard links or anything). The difference is: the soft limit may be changed later, up to the hard limit value, by the process running with these limits and hard limit can only be lowered – the process cannot assign itself more resources by increasing the hard limit (except processes running with superuser privileges (as root)).

Similar limits can be set for other system resources: system memory, CPU time, etc. See the setrlimit(2) manual page or the description of your shell's ulimit build-in command (e.g. in the bash(1) manual page.

Need understand ulimit 's nofile setting in host and container

For example, If a Linux OS has ulimit nofile set to 1024 (soft) and Hard (4096) , and I run docker with ----ulimit nofile=10240:40960, could the container use more nofiles than its host?

  • Docker has the CAP_SYS_RESOURCE capability set on it's permissions.
    This means that Docker is able to set an ulimit different from the host. according to man 2 prlimit:

A privileged process (under Linux: one with the CAP_SYS_RESOURCE capability in the initial user namespace) may make arbitrary changes to either limit value.

  • So, for containers, the limits to be considered are the ones set by the docker daemon.
    You can check the docker daemon limits with this command:
$ cat /proc/$(ps -A | grep dockerd | awk '{print $1}')/limits | grep "files"
Max open files            1048576              1048576              files

  • As you can see, the docker 19 has a pretty high limit of 1048576 so your 40960 will work like a charm.

  • And if you run a docker container with --ulimit set to be higher than the node but lower than the daemon itself, you won't find any problem, and won't need to give additional permissions like in the example bellow:

$ cat /proc/$(ps -A | grep dockerd | awk '{print $1}')/limits | grep "files"
Max open files            1048576              1048576              files     

$ docker run -d -it --rm --ulimit nofile=99999:99999 python python;
354de39a75533c7c6e31a1773a85a76e393ba328bfb623069d57c38b42937d03

$ cat /proc/$(ps -A | grep python | awk '{print $1}')/limits | grep "files"
Max open files            99999                99999                files
  • You can set a new limit for dockerd on the file /etc/init.d/docker:
$ cat /etc/init.d/docker | grep ulimit
                ulimit -n 1048576
  • As for the container itself having a ulimit higher than the docker daemon, it's a bit more tricky, but doable, refer here.
  • I saw you have tagged the Kubernetes tag, but didn't mention it in your question, but in order to make it work on Kubernetes, the container will need securityContext.priviledged: true, this way you can run the command ulimit as root inside the container, here an example:
image: image-name
  command: ["sh", "-c", "ulimit -n 65536"]
  securityContext:
    privileged: true

What is the max opened files limitation on Linux?

You can check the Soft limits and hard limits of your system by ulimit -a command.

  1. soft limits are simply the currently enforced limits.
  2. hard limits mark the maximum value which cannot be exceeded by setting a soft limit.

Soft limits could be set by any user while hard limits are changeable only by root. Limits are a property of a process. They are inherited when a child process is created so system-wide limits should be set during the system initialization in init scripts and user limits should be set during user login for example by using pam_limits.

There are often defaults set when the machine boots. So, even though you may reset your ulimit in an individual shell, you may find that it resets back to the previous value on reboot. You may want to grep your boot scripts for the existence ulimit commands if you want to change the default.

If the limitation was 1024, means you/process can open maximum 1024 files. if you exceed this limit means open, pipe and dup system calls will fail:

RLIMIT_NOFILE:

Specifies a value one greater than the maximum file descriptor number that can be opened by this process. Attempts (open(2), pipe(2), dup(2), etc.) to exceed this limit yield the error EMFILE.


Related Topics

Prompting for User Input in Assembly Ci20 Seg Fault

Passing Main Script Variables into Perl Modules

Interprocess Communication Using Pipe in Linux

Executing String Sent from One Terminal in Another in Linux Pseudo-Terminal

How to Shell Have More Than One Job in Linux

How to Group by Column Values into Row and Column Header and Then Sum the Value

Find and Remove a Line in Multiple Files

Ansible Inside Script Command Not Found

How to Setup the Passwords-Less Authentication Between Two Different Accounts

Remove Match Word from File

Linux Script Extract Information from Excel to Create Users

Force Unmount of Nfs-Mounted Directory

How to Find a File/Directory That Could Be Anywhere on Linux Command Line

Android Studio Error After ./Studio.Sh

How to Fetch Java Version Using Single Line Command in Linux

Should I Put Trailing Slash After Source and Destination When Copy Folders

Stracing to Attach to a Multi-Threaded Process

How to Check That Two Folders Are the Same in Linux


Leave a reply



Submit