From 3755976856a862a701253b970d2c27066691bcfa Mon Sep 17 00:00:00 2001
From: Giles Cope <gilescope@gmail.com>
Date: Thu, 19 Feb 2026 21:51:37 +0000
Subject: [PATCH 1/2] fix: ensure minimum ulimits

Signed-off-by: Giles Cope <gilescope@gmail.com>
---
 cmd/buildkitd/main_unix.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cmd/buildkitd/main_unix.go b/cmd/buildkitd/main_unix.go
index f9373356d..ea4815952 100644
--- a/cmd/buildkitd/main_unix.go
+++ b/cmd/buildkitd/main_unix.go
@@ -16,6 +16,17 @@ import (
 
 func init() {
 	syscall.Umask(0)
+
+	// Docker 29+ (containerd v2) lowered the default open file limit from
+	// 1048576 to 1024, which starves buildkitd. Raise it back.
+	var lim syscall.Rlimit
+	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err == nil && lim.Cur < 1048576 {
+		lim.Cur = 1048576
+		if lim.Max < 1048576 {
+			lim.Max = 1048576
+		}
+		_ = syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim)
+	}
 }
 
 func listenFD(addr string, tlsConfig *tls.Config) (net.Listener, error) {

From a2dd46d10c23ffcbb3fd794cca86a40f3110260d Mon Sep 17 00:00:00 2001
From: Giles Cope <gilescope@gmail.com>
Date: Thu, 19 Feb 2026 21:58:25 +0000
Subject: [PATCH 2/2] fix: ensure minimum ulimits

Signed-off-by: Giles Cope <gilescope@gmail.com>
---
 cmd/buildkitd/main_unix.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/buildkitd/main_unix.go b/cmd/buildkitd/main_unix.go
index ea4815952..1874108c9 100644
--- a/cmd/buildkitd/main_unix.go
+++ b/cmd/buildkitd/main_unix.go
@@ -5,6 +5,7 @@ package main
 
 import (
 	"crypto/tls"
+	"fmt"
 	"net"
 	"os"
 	"syscall"
@@ -25,7 +26,9 @@ func init() {
 		if lim.Max < 1048576 {
 			lim.Max = 1048576
 		}
-		_ = syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim)
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
+			fmt.Fprintf(os.Stderr, "warning: failed to raise RLIMIT_NOFILE: %v\n", err)
+		}
 	}
 }