LimitNOFILE is silently changed to the host soft limit with the new containerd #51485

@giuliovn

Description

I don't think this is actually a bug; in many respects it is an improvement. But it introduces silent changes that may break some workflows (talking from experience).

With v29, containerd 2.1.5 was also released (previously I had 1.7). It is installed with different ulimit settings for the allowed number of open files (see containerd/containerd@3ca39ef).
This is inherited down the way and changes the default settings of running containers.

Reproduce

Tested on Ubuntu 24.

  1. Usual docker installation procedure, but pin containerd.io:
    sudo apt install docker-ce docker-ce-cli containerd.io=1.7.29-1~ubuntu.24.04~noble docker-buildx-plugin docker-compose-plugin -y
  2. sudo docker run ubuntu bash -c 'ulimit -n' returns 1048576 (the number may be different depending on the host)
  3. sudo apt install containerd.io=2.1.5-1~ubuntu.24.04~noble
  4. sudo docker run ubuntu bash -c 'ulimit -n' returns 1024

Expected behavior

No response

docker version

Client: Docker Engine - Community
 Version:           29.0.0
 API version:       1.52
 Go version:        go1.25.4
 Git commit:        3d4129b
 Built:             Mon Nov 10 21:46:31 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          29.0.0
  API version:      1.52 (minimum version 1.44)
  Go version:       go1.25.4
  Git commit:       d105562
  Built:            Mon Nov 10 21:46:31 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.1.5
  GitCommit:        fcd43222d6b07379a4be9786bda52438f0dd16a1
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef1
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    29.0.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.40.3
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 2
  Running: 0
  Paused: 0
  Stopped: 2
 Images: 1
 Server Version: 29.0.0
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: fcd43222d6b07379a4be9786bda52438f0dd16a1
 runc version: v1.3.3-0-gd842d771
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.14.0-1015-aws
 Operating System: Ubuntu 24.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 40.24GiB
 Name: doc
 ID: 842c7ac8-17f3-49d4-8807-249e8a1fc755
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Firewall Backend: iptables

Additional Info

No response
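
A check for the drift reported above, added here as an example and not part of the original issue or of Docker's tooling: it reads the "Max open files" row of a `/proc/<pid>/limits` dump and fails when the soft limit is below a floor the workload needs. The function names, the 65536 floor and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print "<soft> <hard>" from the "Max open files" row of a
# /proc/<pid>/limits style file given as $1.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Return 0 when the soft limit in file $1 is at least $2,
# 1 when it is lower, 2 when the row is missing.
nofile_at_least() {
    soft=$(nofile_limits "$1" | cut -d' ' -f1)
    [ -n "$soft" ] || return 2
    [ "$soft" = "unlimited" ] && return 0
    [ "$soft" -ge "$2" ]
}

# Helper (hypothetical): write a constructed limits file with the
# given soft ($2) and hard ($3) values, in the kernel's column layout.
write_limits() {
    printf '%-25s %-20s %-20s %-10s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' > "$1"
    printf '%-25s %-20s %-20s %-10s\n' 'Max open files' "$2" "$3" 'files' >> "$1"
}

# Constructed sample: soft limit 1024 as seen in step 4 of the report;
# the hard value is made up for the example.
sample=$(mktemp)
write_limits "$sample" 1024 524288

REQUIRED_NOFILE=65536   # assumed floor for the workload, adjust as needed
if nofile_at_least "$sample" "$REQUIRED_NOFILE"; then
    echo "ok: nofile soft/hard = $(nofile_limits "$sample")"
else
    echo "drift: nofile soft/hard = $(nofile_limits "$sample"), need >= $REQUIRED_NOFILE"
fi
rm -f "$sample"

# On a real host, capture the limits a container actually gets:
#   sudo docker run --rm ubuntu cat /proc/self/limits > limits.txt
#   nofile_at_least limits.txt 65536 || echo "pin the limit explicitly"
# A per-container pin that does not depend on what containerd inherits:
#   sudo docker run --ulimit nofile=65536:65536 ubuntu bash -c 'ulimit -n'
```

Running the check in CI or at deploy time after a containerd.io upgrade surfaces the change before a service runs out of file descriptors under load.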
