Sanity-check maximum open-fd limits at startup, and cap if needed

This triggers a reporter warning when the limit gets reduced. This will happen by default in Docker environments until libkqueue gets fixed, or containerd changes its default-uncapped behavior. mheily/libkqueue#153 moby/moby#38814
ckreibich · Nov 20, 2024 · cadf083 · cadf083
1 parent 045d921
commit cadf083
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc
@@ -491,6 +491,15 @@ SetupResult setup(int argc, char** argv, Options* zopts) {
     if ( options.run_unit_tests )
         options.deterministic_mode = true;
 
+    // Cap the allowable open file descriptor limits. We do this primarily to
+    // hedge against libkqueue's allocate-state-for-every-possible-fd behavior,
+    // which can allocate gigabytes of memory in high-max environments like the
+    // containerd default. This needs to happen before we create the iosource
+    // manager, which initializes kqueue.
+    //
+    // For context see: https://github.com/mheily/libkqueue/issues/153
+    auto nofile_caps = util::nofile_cap_limits();
+
     auto stem = Supervisor::CreateStem(options.supervisor_mode);
 
     if ( Supervisor::ThisNode() ) {
@@ -690,6 +699,11 @@ SetupResult setup(int argc, char** argv, Options* zopts) {
     if ( options.print_usage )
         usage(argv[0], 0);
 
+    // Now that we're past any help output, warn if we reduced the fd limits:
+    if ( nofile_caps[0] > nofile_caps[2] || nofile_caps[1] > nofile_caps[3] )
+        reporter->Warning("reduced open file descriptor limits (soft/hard %lu/%lu -> %lu/%lu)", nofile_caps[0],
+                          nofile_caps[1], nofile_caps[2], nofile_caps[3]);
+
     init_event_handlers();
 
     md5_type = make_intrusive<OpaqueType>("md5");