add ulimits for porto isolation

interiorem · Nov 16, 2016 · b14f036 · b14f036
1 parent 5c61a4e
commit b14f036
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/isolate/porto/box.go b/isolate/porto/box.go
@@ -50,6 +50,7 @@ type portoBoxConfig struct {
 	CleanupEnabled   bool              `json:"cleanupenabled"`
 	SetImgUri        bool              `json:"setimguri"`
 	WeakEnabled      bool              `json:"weakenabled"`
+	DefaultUlimits   string            `json:"defaultulimits"`
 }
 
 func (c *portoBoxConfig) String() string {
@@ -459,6 +460,7 @@ func (b *Box) Spawn(ctx context.Context, config isolate.SpawnConfig, output io.W
 		Profile:    profile,
 		name:       config.Name,
 		executable: config.Executable,
+		ulimits:    b.config.DefaultUlimits,
 		args:       config.Args,
 		env:        config.Env,
 	}

diff --git a/isolate/porto/container.go b/isolate/porto/container.go
@@ -33,7 +33,7 @@ type container struct {
 
 type execInfo struct {
 	*docker.Profile
-	name, executable string
+	name, executable, ulimits string
 	args, env        map[string]string
 }
 
@@ -151,6 +151,11 @@ func newContainer(ctx context.Context, portoConn porto.API, cfg containerConfig,
 	if err = portoConn.SetProperty(cfg.ID, "env", formatEnv(info.env)); err != nil {
 		return nil, err
 	}
+	if info.ulimits != "" {
+		if err = portoConn.SetProperty(cfg.ID, "ulimit", info.ulimits); err != nil {
+			return nil, err
+		}
+	}
 	if info.Cwd != "" {
 		if err = portoConn.SetProperty(cfg.ID, "cwd", info.Cwd); err != nil {
 			return nil, err
@@ -205,24 +210,19 @@ func (c *container) Kill() (err error) {
 	// Wait seems redundant as we sent SIGKILL
 	value, err := portoConn.GetData(c.containerID, "stdout")
 	if err != nil {
-		apexctx.GetLogger(c.ctx).WithField("id", c.containerID).WithError(err).Warn("unbale to get stdout")
+		apexctx.GetLogger(c.ctx).WithField("id", c.containerID).WithError(err).Warn("unable to get stdout")
 	}
 	// TODO: add StringWriter interface to an output
 	c.output.Write([]byte(value))
 	apexctx.GetLogger(c.ctx).WithField("id", c.containerID).Infof("%d bytes of stdout have been sent", len(value))
 
 	value, err = portoConn.GetData(c.containerID, "stderr")
 	if err != nil {
-		apexctx.GetLogger(c.ctx).WithField("id", c.containerID).WithError(err).Warn("unbale to get stderr")
+		apexctx.GetLogger(c.ctx).WithField("id", c.containerID).WithError(err).Warn("unable to get stderr")
 	}
 	c.output.Write([]byte(value))
 	apexctx.GetLogger(c.ctx).WithField("id", c.containerID).Infof("%d bytes of stderr have been sent", len(value))
 
-	apexctx.GetLogger(c.ctx).WithField("id", c.containerID).Debugf("footprint %s", containerFootprint{
-		portoConn:   portoConn,
-		containerID: c.containerID,
-	})
-
 	if err = portoConn.Kill(c.containerID, syscall.SIGKILL); err != nil {
 		if !isEqualPortoError(err, portorpc.EError_InvalidState) {
 			return err

diff --git a/stout-default.conf b/stout-default.conf
@@ -39,6 +39,7 @@
                 "layers": "/var/tmp/layers",
                 "containers": "/var/tmp/containers",
                 "journal": "/var/tmp/portojournal.jrnl",
+                "defaultulimits": "core: unlimited unlimited",
                 "registryauth": {
                     "registry.images.net": "OAuth token"
     	        }