oci-defaults

Settings related to orchestrated containers for overriding the OCI runtime spec defaults (settings.oci-defaults.*).

Topics

Capabilities Settings

Capabilities for the runtime process. These correspond to the capabilities object in the runtime spec.

Resource Limits Settings

Resource limits for the runtime process. These correspond to the rlimit object in the runtime spec.

Unlike most Bottlerocket settings, the individual key/value pairs here do not validate on their own: you must provide both hard-limit and soft-limit for any given resource limit setting at the same time. Consequently, you cannot change resource limits with dot-notation expressions (e.g. apiclient set settings.oci-defaults.resource-limits.max-locked-memory.hard-limit=9223372 will fail). Instead, use the TOML configuration format, or the same structure expressed as JSON, to set both keys simultaneously.

# Setting a limit
[settings.oci-defaults.resource-limits.max-core-file-size]
soft-limit = 100000000
hard-limit = 1000000000

# Removing a hard limit
[settings.oci-defaults.resource-limits.max-locked-memory]
soft-limit = 100000000
hard-limit = "unlimited"

# Setting a limit
apiclient set --json <<EOF
{
  "settings": {
    "oci-defaults": {
      "resource-limits": {
        "max-core-file-size": {
          "soft-limit": 100000000,
          "hard-limit": 1000000000
        }
      }
    }
  }
}
EOF

# Removing a hard limit
apiclient set --json <<EOF
{
  "settings": {
    "oci-defaults": {
      "resource-limits": {
        "max-core-file-size": {
          "soft-limit": 100000000,
          "hard-limit": "unlimited"
        }
      }
    }
  }
}
EOF
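A pre-flight check for the rule described above, written as an added example (it is not part of Bottlerocket or of the original page): it walks a parsed settings structure and reports resource limits that lack one of the two keys or carry a value outside the accepted ranges listed in the reference below. The function names and the sample input are constructed for illustration, and the soft-versus-hard comparison reflects the Linux setrlimit rule rather than anything stated on this page.

```python
import json

INT64_MAX = 9223372036854775807  # upper bound given in the reference below
REQUIRED = ("soft-limit", "hard-limit")


def _normalize(value):
    """Return None for 'no limit', an int for a valid limit, or raise ValueError."""
    if value == "unlimited" or (type(value) is int and value == -1):
        return None
    if type(value) is int and 0 <= value <= INT64_MAX:
        return value
    raise ValueError(f"not an accepted value: {value!r}")


def check_resource_limits(settings):
    """Return a list of problems found under settings.oci-defaults.resource-limits."""
    problems = []
    limits = settings.get("settings", {}).get("oci-defaults", {}).get("resource-limits", {})
    for name, table in limits.items():
        missing = [k for k in REQUIRED if k not in table]
        if missing:
            problems.append(f"{name}: missing {', '.join(missing)}")
            continue
        try:
            soft, hard = (_normalize(table[k]) for k in REQUIRED)
        except ValueError as err:
            problems.append(f"{name}: {err}")
            continue
        # Kernel rule (setrlimit), not stated on this page: soft must not exceed hard.
        if hard is not None and (soft is None or soft > hard):
            problems.append(f"{name}: soft-limit exceeds hard-limit")
    return problems


# Constructed sample input, in the JSON form accepted by `apiclient set --json`.
SAMPLE = json.loads("""
{"settings": {"oci-defaults": {"resource-limits": {
  "max-open-files":     {"soft-limit": 65536, "hard-limit": 1048576},
  "max-locked-memory":  {"soft-limit": 100000000, "hard-limit": "unlimited"},
  "max-core-file-size": {"hard-limit": 1000000000},
  "max-processes":      {"soft-limit": 4096, "hard-limit": 1024},
  "max-stack-size":     {"soft-limit": "none", "hard-limit": -1}
}}}}
""")

if __name__ == "__main__":
    for line in check_resource_limits(SAMPLE):
        print(line)
```
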


Full Reference

settings.oci-defaults.capabilities.audit-control

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.audit-read

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.audit-write

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.block-suspend

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.bpf

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.checkpoint-restore

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.chown

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.dac-override

Default: true

Accepted values:
  • true
  • false

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.fowner

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.fsetid

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.ipc-lock

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.ipc-owner

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.kill

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.lease

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.linux-immutable

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.mac-admin

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.mac-override

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.mknod

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.net-admin

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.net-bind-service

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.net-broadcast

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.net-raw

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.perfmon

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.setfcap

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.setgid

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.setpcap

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.setuid

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-admin

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-boot

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-chroot

Default: true

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-module

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-nice

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-pacct

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-ptrace

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-rawio

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-resource

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-time

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.sys-tty-config

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.syslog

Accepted values:
  • true
  • false

settings.oci-defaults.capabilities.wake-alarm

Accepted values:
  • true
  • false

settings.oci-defaults.resource-limits.max-address-space

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-core-file-size

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-cpu-time

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses seconds as an implicit unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-data-size

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-file-locks

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing the number of locks.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-file-size

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-locked-memory

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-msgqueue-size

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-nice-priority

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing niceness.

Accepted values:
  • Setting a limit: Practical values range from 1 to 40; however, the technically accepted values are 0 to 9223372036854775807 (i.e. int64::MAX).
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-open-files

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing the number of files.

Default: soft-limit is 65536 and hard-limit is 1048576

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-pending-signals

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing the number of signals.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-processes

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing the number of processes.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-realtime-priority

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. The value is unit-less, representing priority.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-realtime-timeout

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses microseconds as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-resident-set

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"

settings.oci-defaults.resource-limits.max-stack-size

A TOML table. Validation requires a key/value for both soft-limit and hard-limit. Uses bytes as an implicit value unit.

Accepted values:
  • Setting a limit: 0 to 9223372036854775807 (i.e. int64::MAX)
  • Removing a limit: -1 or "unlimited"