From bd63a252f3095274e35c9ab2f5d51f833dd89619 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 17 Aug 2020 16:24:56 -0400
Subject: [PATCH] Don't limit the size on /run for systemd based containers

We had a customer incident where they ran out of space on /run. If you don't specify size, it will be still limited to 50% or memory available in the cgroup the container is running in. If the cgroup is unlimited then the /run will be limited to 50% of the total memory on the system. Also /run is mounted on the host as exec, so no reason for us to mount it noexec.

Signed-off-by: Daniel J Walsh
---
 cmd/podman/common/volumes.go | 8 +-------
 libpod/container_internal_linux.go | 2 +-
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/cmd/podman/common/volumes.go b/cmd/podman/common/volumes.go
index 20c31bd819..ca0b107659 100644
--- a/cmd/podman/common/volumes.go
+++ b/cmd/podman/common/volumes.go
@@ -88,17 +88,11 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
 if _, ok := unifiedVolumes[dest]; ok {
 continue
 }
- localOpts := options
- if dest == "/run" {
- localOpts = append(localOpts, "noexec", "size=65536k")
- } else {
- localOpts = append(localOpts, "exec")
- }
 unifiedMounts[dest] = spec.Mount{
 Destination: dest,
 Type: TypeTmpfs,
 Source: "tmpfs",
- Options: localOpts,
+ Options: options,
 }
 }
 }
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index fdee3877cb..ea4340e006 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -571,7 +571,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 Destination: dest,
 Type: "tmpfs",
 Source: "tmpfs",
- Options: append(options, "tmpcopyup", "size=65536k"),
+ Options: append(options, "tmpcopyup"),
 }
 g.AddMount(tmpfsMnt)
 }
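Review bot: With `localOpts` removed, every destination in this loop now receives the bare `options` slice, so the explicit `exec` that the non-`/run` mounts used to get is dropped together with `/run`'s `noexec`, while the commit message only argues the `/run` case. Whether these tmpfs mounts end up executable now depends on the contents of `options`, which is declared outside the hunk, and on the runtime's mount defaults, so that is worth confirming for the other destinations. I would record the intent above the struct literal, e.g. `// No exec/noexec or size= here: exec follows the mount default, size falls back to the tmpfs default.` The loop and the rest of parseVolumes continue outside the hunk.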
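Review bot: Nothing at this call site records why `size=` is absent, and the bound on these tmpfs mounts now comes entirely from memory accounting: per the commit message, 50% of the container's cgroup limit, or of host memory when the cgroup is unlimited. For a systemd container started without a memory limit, data written to this tmpfs from inside the container can therefore occupy a large share of host RAM, which is a resource-exhaustion consideration operators should be told about. A comment above the mount literal would carry that, e.g. `// No size=: tmpfs is capped at 50% of the memory cgroup (or of host RAM if unlimited); set a memory limit to bound it.` The same applies to the `/run` entry in parseVolumes in cmd/podman/common/volumes.go; setupSystemd starts and ends outside the hunk.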