Don't limit the size on /run for systemd based containers

We had a customer incident where they ran out of space on /run. If you don't specify size, it will be still limited to 50% or memory available in the cgroup the container is running in. If the cgroup is unlimited then the /run will be limited to 50% of the total memory on the system. Also /run is mounted on the host as exec, so no reason for us to mount it noexec. Signed-off-by: Daniel J Walsh <[email protected]>
containers · Aug 18, 2020 · bd63a25 · bd63a25
1 parent 748e882
commit bd63a25
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 8 deletions.
diff --git a/cmd/podman/common/volumes.go b/cmd/podman/common/volumes.go
@@ -88,17 +88,11 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
 			if _, ok := unifiedVolumes[dest]; ok {
 				continue
 			}
-			localOpts := options
-			if dest == "/run" {
-				localOpts = append(localOpts, "noexec", "size=65536k")
-			} else {
-				localOpts = append(localOpts, "exec")
-			}
 			unifiedMounts[dest] = spec.Mount{
 				Destination: dest,
 				Type:        TypeTmpfs,
 				Source:      "tmpfs",
-				Options:     localOpts,
+				Options:     options,
 			}
 		}
 	}

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
@@ -571,7 +571,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 			Destination: dest,
 			Type:        "tmpfs",
 			Source:      "tmpfs",
-			Options:     append(options, "tmpcopyup", "size=65536k"),
+			Options:     append(options, "tmpcopyup"),
 		}
 		g.AddMount(tmpfsMnt)
 	}