podman build with rootful machine in macos aarch64 fails with exceeded fd limit

[jaysonsantos]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Steps to reproduce the issue:

1. On an M1 macos create a podman machine podman machine init --rootful --cpus 8 --memory 12048 --now
2. Create a dockerfile

cat > Dockerfile << 'EOF'
FROM alpine
ARG BUILDARCH=x86_64

RUN apk add curl git make
ENV ZIG_VERSION=0.10.0
ENV ZIG_URL="https://ziglang.org/download/${ZIG_VERSION}/zig-linux-${BUILDARCH}-${ZIG_VERSION}.tar.xz"

WORKDIR /zig
RUN curl -sL "$ZIG_URL" -o zig.tar.xz \
    && tar xvf zig.tar.xz --strip-components=1 \
    && rm zig.tar.xz

WORKDIR /wireguard-tools
RUN git clone --depth=1 https://git.zx2c4.com/wireguard-tools .

ENV CC "/zig/zig cc -target arm-linux-musleabi"
ENV CXX "/zig/zig cxx -target arm-linux-musleabi"
RUN cd src && make

EOF

3. Build with podman build -t wireguard .

Describe the results you received:

STEP 12/12: RUN cd src && make
  CC      wg.o
  CC      config.o
  CC      curve25519.o
  CC      encoding.o
  CC      genkey.o
  CC      ipc.o
  CC      pubkey.o
  CC      set.o
  CC      setconf.o
  CC      show.o
  CC      showconf.o
  CC      terminal.o
  LD      wg
ld.lld: warning: lld uses blx instruction, no object with architecture supporting feature detected
ld.lld: warning: lld uses blx instruction, no object with architecture supporting feature detected
In file included from /zig/lib/libc/musl/crt/rcrt1.c:3:
/zig/lib/libc/musl/crt/../ldso/dlstart.c:146:20: warning: a function declaration without a prototype is deprecated in all versions of C and is treated as a zero-parameter prototype in C2x, conflicting with a subsequent definition [-Wdeprecated-non-prototype]
        GETFUNCSYM(&dls2, __dls2, base+dyn[DT_PLTGOT]);
                          ^
/zig/lib/libc/musl/crt/rcrt1.c:11:13: note: conflicting prototype is here
hidden void __dls2(unsigned char *base, size_t *sp)
            ^
1 warning generated.
error(compilation): /zig/lib/libc/musl/src/math/floor.c:1:1: unable to build C object: unable to spawn /zig/zig: ProcessFdQuotaExceeded
error(compilation): /zig/lib/libc/musl/src/math/finitef.c:1:1: unable to build C object: unable to spawn /zig/zig: ProcessFdQuotaExceeded
...
make: *** [<builtin>: wg] Error 1
Error: building at STEP "RUN cd src && make": while running runtime: exit status 2

Describe the results you expected:
This should compile or give a way to set the limits there.
The same works without the compile step and running the image with docker run --rm -it wireguard make -C src

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

podman version
Client:       Podman Engine
Version:      4.3.1
API Version:  4.3.1
Go Version:   go1.18.8
Built:        Wed Nov  9 21:43:58 2022
OS/Arch:      darwin/arm64

Server:       Podman Engine
Version:      4.3.1
API Version:  4.3.1
Go Version:   go1.19.2
Built:        Fri Nov 11 16:00:31 2022
OS/Arch:      linux/arm64

Output of podman info:

podman info
host:
  arch: arm64
  buildahVersion: 1.28.0
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.5-1.fc37.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.5, commit: '
  cpuUtilization:
    idlePercent: 93.04
    systemPercent: 4.28
    userPercent: 2.67
  cpus: 8
  distribution:
    distribution: fedora
    variant: coreos
    version: "37"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.0.9-300.fc37.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 10716393472
  memTotal: 12258607104
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.7-1.fc37.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.7
      commit: 40d996ea8a827981895ce22886a9bac367f87264
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-8.fc37.aarch64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 0h 16m 29.00s
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 106769133568
  graphRootUsed: 4750204928
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 48
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 1668178831
  BuiltTime: Fri Nov 11 16:00:31 2022
  GitCommit: ""
  GoVersion: go1.19.2
  Os: linux
  OsArch: linux/arm64
  Version: 4.3.1

Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):

brew info podman
==> podman: stable 4.3.1 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/opt/homebrew/Cellar/podman/4.3.1 (185 files, 47.6MB) *
  Poured from bottle on 2022-11-22 at 21:21:16
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb
License: Apache-2.0 and GPL-3.0-or-later
==> Dependencies
Build: go-md2man ✘, go@1.18 ✘
Required: qemu ✔
==> Options
--HEAD
        Install HEAD version
==> Caveats
zsh completions have been installed to:
  /opt/homebrew/share/zsh/site-functions

To restart podman after an upgrade:
  brew services restart podman
Or, if you don't want/need a background service you can just run:
  /opt/homebrew/opt/podman/bin/podman system service --time=0
==> Analytics
install: 27,899 (30 days), 80,327 (90 days), 240,091 (365 days)
install-on-request: 25,430 (30 days), 75,875 (90 days), 234,540 (365 days)
build-error: 12 (30 days)

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[mheon]

Possibly a dupe of #16106

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

Closing as a dup.