Add Verify function to check if Ulimit max value is too big

When parsing the ulimit, we should check if the ulimit max value is greater then
the processes max value.  If yes then we should return an error.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Author: rhatdan

ulimit_linux.go

@@ -0,0 +1,18 @@
+package units
+
+import (
+	"fmt"
+
+	"golang.org/x/sys/unix"
+)
+
+// Verify that ulimit values work with current kernel
+func (u *Ulimit) Verify() error {
+	var rlimit unix.Rlimit
+	if err := unix.Getrlimit(ulimitNameMapping[u.Name], &rlimit); err == nil {
+		if u.Hard > int64(rlimit.Max) {
+			return fmt.Errorf("ulimit hard limit (%d) must be less than or equal to hard limit for the current process %d", u.Hard, rlimit.Max)
+		}
+	}
+	return nil
+}

ulimit_linux_test.go

@@ -0,0 +1,24 @@
+// +build linux
+
+package units
+
+import (
+	"fmt"
+
+	"golang.org/x/sys/unix"
+	"testing"
+)
+
+func TestParseUlimitTooBig(t *testing.T) {
+	var rlimit unix.Rlimit
+	if err := unix.Getrlimit(rlimitNofile, &rlimit); err != nil {
+		t.Fatalf("Failed to get rlimit of current process %q", err)
+	}
+	u, err := ParseUlimit(fmt.Sprintf("nofile=512:%d", rlimit.Max+1))
+	if err != nil {
+		t.Fatalf("expected valid value got %q", err)
+	}
+	if err := u.Verify(); err == nil {
+		t.Fatalf("expected invalid hard limit")
+	}
+}

ulimit_unsupported.go

@@ -0,0 +1,8 @@
+// +build !linux
+
+package units
+
+// Verify that ulimit values work with current kernel
+func (u *Ulimit) Verify() error {
+	return nil
+}