Bug 1472410
Summary: | /dev is mounted as a tmpfs and should be limited in size the same way that /dev/shm is.
---|---
Product: | Red Hat Enterprise Linux 7
Reporter: | Daniel Walsh <dwalsh>
Component: | docker
Assignee: | Antonio Murdaca <amurdaca>
Status: | CLOSED WONTFIX
QA Contact: | atomic-bugs <atomic-bugs>
Severity: | unspecified
Priority: | unspecified
Version: | 7.4
CC: | amurdaca, lsm5, mpatel, pasik, tsweeney, vgoyal
Target Milestone: | rc
Keywords: | Extras
Target Release: | ---
Hardware: | Unspecified
OS: | Unspecified
Last Closed: | 2020-06-09 21:04:42 UTC
Type: | Bug
Description
Daniel Walsh
2017-07-18 16:20:27 UTC
Also needs to be fixed in Fedora.

This is really under docker. But I am not sure it is real important. Since /tmp size is controlled by memory cgroup, this would only allow a user to use 50% of available memory in his container. If the admin does not set any memory limit on a container the processes inside could use 100% of memory.

Created attachment 1300623
This patch might fix the issue.

Yeah, that should work. Do we want to make it configurable though like the --shm-size flag in docker?

I don't think it would ever grow to that big of a size unless the user is doing something very wrong, the only things that should be in /dev are device nodes.

Giving a container with a tmpfs limited with size makes sense.

We have no plans to ship another version of Docker at this time. RHEL7 is in final support stages where only security fixes will get released. Customers should move to use Podman which is available starting in RHEL 7.6.
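
An added example, not part of the bug report or of docker's own code: a check that reads a mount table in /proc/self/mounts format and reports whether the tmpfs mounts at /dev and /dev/shm carry a size= option, which is the condition this bug is about. The sample mount lines and all function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/self/mounts format (not captured from a real host).
SAMPLE_MOUNTS = """\
overlay / overlay rw,relatime,lowerdir=/l,upperdir=/u,workdir=/w 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=65536k 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
"""

_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}


def parse_size(value):
    """Convert a tmpfs size= value such as '65536k' to bytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.lower())
    if not m:
        raise ValueError(f"unrecognised tmpfs size: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def tmpfs_limits(mounts_text, targets=("/dev", "/dev/shm")):
    """Map each target mount point that is a tmpfs to its size= value (None if absent)."""
    found = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _, mountpoint, fstype, options = fields[:4]
        if fstype != "tmpfs" or mountpoint not in targets:
            continue
        opts = dict(o.partition("=")[::2] for o in options.split(","))
        found[mountpoint] = opts.get("size")  # a later mount overrides an earlier one
    return found


def unbounded(mounts_text):
    """Mount points whose tmpfs has no size= option and so uses the kernel default."""
    return sorted(mp for mp, size in tmpfs_limits(mounts_text).items() if size is None)


if __name__ == "__main__":
    for mp, size in tmpfs_limits(SAMPLE_MOUNTS).items():
        # Without size=, tmpfs defaults to half of physical RAM.
        print(mp, f"{parse_size(size)} bytes" if size else "no size= option")
```

Inside a container, pass the contents of /proc/self/mounts to `unbounded()` in place of the constructed sample.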