mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
7263ae74cd
These were originally added in7b9ecb9700. The `StartLimitBurst` and `StartLimitInterval` options used to be options for `[Service]`, but were moved to the `[Unit]` in systemd 229, and systemd 230 respectively. The `StartLimitInterval` was renamed to `StartLimitIntervalSec`, which either takes a number (using "seconds" as default unit) or an optional unit; -6bf0f408e4-f0367da7d1We kept these deprecated options to provide compatibility with older distros that not yet had systemd 230, but all distros we support are now on versions of systemd that support the new options; docker run --rm registry.access.redhat.com/ubi8/ubi systemctl --version systemd 239 (239-82.el8_10.5) +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy docker run -it --rm debian: apt-get update && apt-get install -y systemd ... systemctl --version systemd 247 (247.3-7+deb11u6) +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
39 lines
1.2 KiB
Desktop File
39 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=Docker Application Container Engine
|
|
Documentation=https://docs.docker.com
|
|
After=network-online.target nss-lookup.target docker.socket firewalld.service containerd.service time-set.target
|
|
Wants=network-online.target containerd.service
|
|
Requires=docker.socket
|
|
StartLimitBurst=3
|
|
StartLimitIntervalSec=60
|
|
|
|
[Service]
|
|
Type=notify
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
# for containers run by docker
|
|
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
TimeoutStartSec=0
|
|
RestartSec=2
|
|
Restart=always
|
|
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
LimitNPROC=infinity
|
|
LimitCORE=infinity
|
|
|
|
# Comment TasksMax if your systemd version does not support it.
|
|
# Only systemd 226 and above support this option.
|
|
TasksMax=infinity
|
|
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
Delegate=yes
|
|
|
|
# kill only the docker process, not all processes in the cgroup
|
|
KillMode=process
|
|
OOMScoreAdjust=-500
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|