Sanity-check maximum open-fd limits at startup, and cap if needed

This triggers a reporter warning when the limit gets reduced. This will happen by default in Docker environments until libkqueue gets fixed, or containerd changes its default-uncapped behavior. mheily/libkqueue#153 moby/moby#38814
ckreibich · Nov 20, 2024 · f0753b6 · f0753b6
1 parent c78b45e
commit f0753b6
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc
@@ -491,6 +491,15 @@ SetupResult setup(int argc, char** argv, Options* zopts) {
     if ( options.run_unit_tests )
         options.deterministic_mode = true;
 
+    // Cap the allowable open file descriptor limits. We do this primarily to
+    // hedge against libkqueue's allocate-state-for-every-possible-fd behavior,
+    // which can lead to gigabytes of memory in high-max environments, like
+    // containerd's default. This needs to happen before we create the iosource
+    // manager, which initializes kqueue.
+    //
+    // For context see: https://github.com/mheily/libkqueue/issues/153
+    auto nofile_updates = util::nofile_cap_limits();
+
     auto stem = Supervisor::CreateStem(options.supervisor_mode);
 
     if ( Supervisor::ThisNode() ) {
@@ -690,6 +699,11 @@ SetupResult setup(int argc, char** argv, Options* zopts) {
     if ( options.print_usage )
         usage(argv[0], 0);
 
+    // Now that we're past any help output, warn if we reduced the fd limits:
+    if ( nofile_updates.show_warning() )
+        reporter->Warning("reduced open file descriptor limits (soft/hard %lu/%lu -> %lu/%lu)", nofile_updates.orig_cur,
+                          nofile_updates.orig_max, nofile_updates.new_cur, nofile_updates.new_max);
+
     init_event_handlers();
 
     md5_type = make_intrusive<OpaqueType>("md5");