2.10 Set default ulimit as appropriate '--default-ulimit'

Information

http://docs.docker.com/ reference/commandline/cli/#default-ulimits

Solution

Run the docker in daemon mode and pass '--default-ulimit' as argument with respective
ulimits as appropriate in your environment.
For Example,

$> docker -d --default-ulimit nproc=1024-2408 --default-ulimit nofile=100-200

Impact-If the ulimits are not set properly, the desired resource control might not be achieved and
might even make the system unusable.

Default Value-By default, no ulimit is set.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-6

Plugin: Unix

Control ID: 0ae1d37474746222dc1635eb8ee0a83e4256dab7b3b670ead5b5eab3e617b905