podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE

If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed.  In this way the same code path works with rootless mode.

Closes: containers#2123

Signed-off-by: Giuseppe Scrivano <[email protected]>

Author: giuseppe

cmd/podman/main.go

@@ -148,16 +148,20 @@ func main() {
 			logrus.SetLevel(level)
 		}
 
-		// Only if not rootless, set rlimits for open files.
-		// We open numerous FDs for ports opened
-		if !rootless.IsRootless() {
-			rlimits := new(syscall.Rlimit)
-			rlimits.Cur = 1048576
-			rlimits.Max = 1048576
+		rlimits := new(syscall.Rlimit)
+		rlimits.Cur = 1048576
+		rlimits.Max = 1048576
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+				return errors.Wrapf(err, "error getting rlimits")
+			}
+			rlimits.Cur = rlimits.Max
 			if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
 				return errors.Wrapf(err, "error setting new rlimits")
 			}
-		} else {
+		}
+
+		if rootless.IsRootless() {
 			logrus.Info("running as rootless")
 		}