From 3ca39ef01608fdd44245c0173bf071682b3bfe3c Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Mon, 7 Aug 2023 12:47:16 +1200
Subject: [PATCH] fix: Remove `LimitNOFILE` from `containerd.service`

Remove `LimitNOFILE` from `containerd.service` to rely on the systemd v240 implicit default of `1024:524288`. On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`.

- `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process.
- `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low).
- The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion).
- When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot.

Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
 containerd.service | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/containerd.service b/containerd.service
index 38a345945..cf7c6efed 100644
--- a/containerd.service
+++ b/containerd.service
@@ -28,11 +28,12 @@ Delegate=yes
 KillMode=process
 Restart=always
 RestartSec=5
+
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNPROC=infinity
 LimitCORE=infinity
-LimitNOFILE=infinity
+
 # Comment TasksMax if your systemd version does not supports it.
 # Only systemd 226 and above support this version.
 TasksMax=infinity