I've tried to run some docker images from vulnhub - they have images with known CVEs like log4j etc.
It is easy, just run docker-compose up and you have it. Unfortunately I recieved a lot of errors and the reason was: "unable to allocate file descriptor table - out of memory". It is caused by changed ulimits in system.conf.
How to fix it?
You have to limit docker and it is necessary just to add following lines to docker compose file:
ulimits:
nproc: 65535
nofile:
soft: 26677
hard: 46677
Then everything will work again.
And if you'd like to run it directly from the commandline just run:
docker run --ulimit nproc=65535 --ulimit nofile=26677:46677 -d <your_image>
Žádné komentáře:
Okomentovat