feat(config): pass rlimits to urunit via UCS

codesmith25103 · codesmith25103 · commit be0d06555488 · 2025-12-23T16:02:36.000Z
This extracts the rlimits from the OCI spec in the unikontainer
logic and appends them to the UCS configuration block generated
in linux.go. This allows the guest init process (urunit) to
enforce resource limits.

Signed-off-by: Sankalp &lt;sankalp25103@gmail.com&gt;
diff --git a/.github/linters/urunc-dict.txt b/.github/linters/urunc-dict.txt
@@ -375,6 +375,7 @@ derr
 ldconfig
 vfsd
 crun
+Rlimits
 vaccel
 VACCEL
 vsock
diff --git a/pkg/unikontainers/types/types.go b/pkg/unikontainers/types/types.go
@@ -60,11 +60,18 @@ type RootfsParams struct {
 	MonRootfs   string // The rootfs for the monitor process
 }
 
+type Rlimit struct {
+	Type string
+	Hard uint64
+	Soft uint64
+}
+
 // Specific to Linux
 type ProcessConfig struct {
 	UID     uint32 // The uid of the process inside the guest
 	GID     uint32 // The gid of the process inside the guest
 	WorkDir string // The workdir of the process inside the guest
+	Rlimits []Rlimit
 }
 
 // UnikernelParams holds the data required to build the unikernels commandline
diff --git a/pkg/unikontainers/unikernels/linux.go b/pkg/unikontainers/unikernels/linux.go
@@ -314,6 +314,15 @@ func (l *Linux) buildUrunitConfig() string {
 	sb.WriteString("WD:")
 	sb.WriteString(l.ProcConfig.WorkDir)
 	sb.WriteString("\n")
+	for _, limit := range l.ProcConfig.Rlimits {
+		sb.WriteString("RLIMIT:")
+		sb.WriteString(limit.Type)
+		sb.WriteString(":")
+		sb.WriteString(strconv.FormatUint(limit.Hard, 10))
+		sb.WriteString(":")
+		sb.WriteString(strconv.FormatUint(limit.Soft, 10))
+		sb.WriteString("\n")
+	}
 	sb.WriteString(lpcEndMarker)
 	sb.WriteString("\n")
 	sb.WriteString(blkStartMarker)
diff --git a/pkg/unikontainers/unikontainers.go b/pkg/unikontainers/unikontainers.go
@@ -280,6 +280,16 @@ func (u *Unikontainer) Exec(metrics m.Writer) error {
 		GID:     u.Spec.Process.User.GID,
 		WorkDir: u.Spec.Process.Cwd,
 	}
+
+	if u.Spec.Process.Rlimits != nil {
+		for _, rl := range u.Spec.Process.Rlimits {
+			procAttrs.Rlimits = append(procAttrs.Rlimits, types.Rlimit{
+				Type: rl.Type,
+				Hard: rl.Hard,
+				Soft: rl.Soft,
+			})
+		}
+	}
 	// UnikernelParams
 	// populate unikernel params
 	unikernelParams := types.UnikernelParams{

-Original file line number
+Diff line change
 ldconfig
 vfsd
 crun
 +Rlimits
 vaccel
 VACCEL
 vsock