-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
macOS: The limit of open files in mounted volumes is 64, which is incredibly low #16106
Comments
Thanks for reaching out! @ashley-cui @baude can you confirm the observation? |
I also got troubled with open files limit in macOS m1 chip. It seems to be related to this issue. |
@gbraad Do you know if this is easily overridden? |
Updated: Hmm. It can be reproduced by any files in It seems it cannot be reproduced without a file on a mounted volume. I wonder whether it is related to 9p and virtio. I tested on a MacBook Pro with Intel Chip:
The mount info:
The test file on a volume:
The test file on a writable layer instead of a volume:
|
I searched the linux kernel ( I have made some experiments by The A workaround is |
A friendly reminder that this issue had no activity for 30 days. |
Perhaps if we move to MAC native virtualization this will be fixed. |
A friendly reminder that this issue had no activity for 30 days. |
By using something like VZVirtioFileSystemDeviceConfiguration to replace the 9p file system? Is this in the roadmap of podman machine? |
Yes this is on the roadmap. |
Running into this while trying to build Node.js / Go apps in a container with a large git repo shared from the host to the container. My options seem to be:
Does that sound about right? |
I seem to recall running into open file limits despite using virtiofs when I was experimenting with it last year. A lot has changed since the last time I touched the virtualization framework though. If for some reason virtiofs would bypass user limits without podman explicitly setting ulimit on start, I would call it a bug as well as a security issue. |
If using Podman with VS Code, VS Code will happily open enough files to almost reach this limit before you start doing anything, so it's easy for a small build job to run out of open files. It would be nice if podman machine start would set the limit itself. |
What limit should it set? |
I set it to unlimited. As I recall, XNU has three fd limits:
I think this was the first bug I ever reported in OS X: they didn’t change the latter two since they were set in OPENSTEP 4, so they were low enough to break things if you had a lot of apps open. Around 10.4, they increased both and (I think) made them scale with available memory, so even if ulimit is set to unlimited there are two later limits that prevent the system exhausting kernel resources with too many fds. |
Seems reasonable, if a non-admin user can do this. |
I was quite surprised that you can increase ulimit values, but it seems that you can, at least for this one. I am an admin user, but I didn't privilege elevate. Not sure if it's disallowed for non-admin users. |
if i understand this issue (and maybe i dont fully grok it), I think #20612 might resolve this when all the applehv work is done in FCOS and it also merges. Do folks agree? |
Checked as of commit 111b233 (2 hours ago). Seems to still be unresolved. I thought qemu needed it's ulimit increased to resolve this, not the services inside the VM. Update to help illustrate the issue: The problem is that the virtiofs server provided by qemu is inheriting the ulimit of the user launching it. This is my default ulimit:
Before starting my podman machine, I increase it to 2000:
In contrast, if I lower the open file count to 80 (tried 50, but it was too low), we see that the number of open files reached is just 21
|
The fix for this is to update the open file limit like this:
It needs to happen before the qemu process is started: podman/pkg/machine/qemu/machine.go Line 490 in 111b233
What I did for testing was probably results in the limit always being updated, but it does work. I added an init function here for to test the ulimit changes in Go: https://github.com/containers/podman/blob/main/pkg/machine/qemu/machine_unix.go#L14
|
Please open a PR to make this change. |
Limits are a security/safety feature. The suggestion I made is too broadly scoped. I will follow up in a few hours with a PR that is more narrowly scoped to address this issue. I believe the change final change should only affect MacOS, FreeBSD, and Linux when qemu is being used to serve files, using virtiofs or p9. |
Also... I'm starting to question if this should actually be addressed in qemu instead. I can't recall ever running into issues with the p9 server in qemu, but that's because p9 is functionally different than virtiofs... Feedback on this is welcome, while I put together my PR today. 🤔 |
It's not exactly what I wanted to do, but this is what I landed on for resolving this: #20643 |
Merge in #20643 fixes this. |
@mortie @protosam Can this be closed now? |
@sanmai-NL as far as I can tell, this is solved. So I want to say: yes. |
I still end up with an error when doing an NPM install, might be doing something wrong, I am on an intel mac 2.6 GHz 6-Core Intel Core i7 with sonoma
|
@plessbd use the nolimit flag on your @sanmai-NL upon testing today, the PR I made prior seems to work. I upgraded to version |
That worked! Thank you Technically since I was using podman-compose I set the default for everything (better to do it in the compose file, but well I was lazy for testing: cat ~/.local/share/containers/containers.conf
[containers]
default_ulimits = [
"nofile=65535:65535",
] |
@sanmai-NL I still think we're good to close the issue. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Volumes mounted with
-v
have a max open file count of 64. This is way too low to be useful.Steps to reproduce the issue:
mkdir data-dir
podman run --rm -it -v $(pwd)/data-dir:/data-dir ubuntu:22.04
/data-dir
.Here's some source code I wrote for testing (and which also reports its resource limits, for good measure):
If we compile and run that:
apt update && apt install gcc
gcc -o nofile nofile.c
touch /data-dir/test-file
./nofile /data-dir/test-file
Describe the results you received:
The program is only able to open 64 or so files.
Describe the results you expected:
The program should've been able to open a whole lot more than 64. I don't know what would be a good default, but 1048576 (which is used as the default resource limit for everything outside of volumes) seems like a good number.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info
:Package info (e.g. output of
rpm -q podman
orapt list podman
orbrew info podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Podman is running on macOS running on a Mac with an M1 Pro chip.
The text was updated successfully, but these errors were encountered: