feat(config): pass rlimits to urunit via UCS

This extracts the rlimits from the OCI spec in the unikontainer
logic and appends them to the UCS configuration block generated
in linux.go. This allows the guest init process (urunit) to
enforce resource limits.

Signed-off-by: Sankalp <[email protected]>

Author: codesmith25103

.github/linters/urunc-dict.txt

@@ -373,3 +373,4 @@ Imgs
 nosec
 derr
 ldconfig
+Rlimits

pkg/unikontainers/types/types.go

@@ -60,11 +60,18 @@ type RootfsParams struct {
 	MonRootfs   string // The rootfs for the monitor process
 }
 
+type Rlimit struct {
+	Type string
+	Hard uint64
+	Soft uint64
+}
+
 // Specific to Linux
 type ProcessConfig struct {
 	UID     uint32 // The uid of the process inside the guest
 	GID     uint32 // The gid of the process inside the guest
 	WorkDir string // The workdir of the process inside the guest
+	Rlimits []Rlimit
 }
 
 // UnikernelParams holds the data required to build the unikernels commandline

pkg/unikontainers/unikernels/linux.go

@@ -314,6 +314,15 @@ func (l *Linux) buildUrunitConfig() string {
 	sb.WriteString("WD:")
 	sb.WriteString(l.ProcConfig.WorkDir)
 	sb.WriteString("\n")
+	for _, limit := range l.ProcConfig.Rlimits {
+		sb.WriteString("RLIMIT:")
+		sb.WriteString(limit.Type)
+		sb.WriteString(":")
+		sb.WriteString(strconv.FormatUint(limit.Hard, 10))
+		sb.WriteString(":")
+		sb.WriteString(strconv.FormatUint(limit.Soft, 10))
+		sb.WriteString("\n")
+	}
 	sb.WriteString(lpcEndMarker)
 	sb.WriteString("\n")
 	sb.WriteString(blkStartMarker)

pkg/unikontainers/unikontainers.go

@@ -278,6 +278,16 @@ func (u *Unikontainer) Exec(metrics m.Writer) error {
 		GID:     u.Spec.Process.User.GID,
 		WorkDir: u.Spec.Process.Cwd,
 	}
+
+	if u.Spec.Process.Rlimits != nil {
+		for _, rl := range u.Spec.Process.Rlimits {
+			procAttrs.Rlimits = append(procAttrs.Rlimits, types.Rlimit{
+				Type: rl.Type,
+				Hard: rl.Hard,
+				Soft: rl.Soft,
+			})
+		}
+	}
 	// UnikernelParams
 	// populate unikernel params
 	unikernelParams := types.UnikernelParams{