viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

android-emulator: api36-v6 — cap RLIMIT_NOFILE; x11vnc -nolookup
All checks were successful
ci/woodpecker/push/build-cli Pipeline was successful
Details
ci/woodpecker/push/default Pipeline was successful
Details

Browse source 
Viktor's noVNC sat at 'Connecting…' forever: the WebSocket traversed
Cloudflare/Authentik/websockify fine, but x11vnc never sent the RFB
banner — strace showed it sweeping the container's fd table with one
fcntl per fd, and containerd grants RLIMIT_NOFILE=2147483584 here, so
each connection effectively never completed. The entrypoint now sets
ulimit -n 65536 for everything it launches (verified live: banner
answers instantly under the capped limit); x11vnc also gets -nolookup
so client reverse-DNS can never stall handshakes.
This commit is contained in:
Viktor Barzin 2026-06-12 20:04:42 +00:00
parent 623d34628a
commit 3802967290
3 changed files with 9 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
stacks/android-emulator/docker/Dockerfile
View file

@ -4,8 +4,8 @@
# cmdline-tools and the native libraries the emulator needs at runtime.
#
# Rebuild + push (rare — only when tool/library versions bump):
# docker build -t forgejo.viktorbarzin.me/viktor/android-emulator:api36-v5 .
# docker push forgejo.viktorbarzin.me/viktor/android-emulator:api36-v5
# docker build -t forgejo.viktorbarzin.me/viktor/android-emulator:api36-v6 .
# docker push forgejo.viktorbarzin.me/viktor/android-emulator:api36-v6
FROM eclipse-temurin:17-jdk-jammy
ENV DEBIAN_FRONTEND=noninteractive

7
stacks/android-emulator/docker/entrypoint.sh
View file

@ -4,6 +4,11 @@
# emulator windowed into it, and expose its adbd on :5555 for the LAN.
set -euo pipefail
# Containerd grants an effectively unbounded RLIMIT_NOFILE (2^31); x11vnc's
# connection handling sweeps the whole fd table with fcntl per fd, so every
# VNC connect hung for ages. Cap it for everything we launch.
ulimit -n 65536
API_LEVEL="${API_LEVEL:-36}"
SYSTEM_IMAGE="system-images;android-${API_LEVEL};google_apis;x86_64"
# Pinned emulator build (36.1.9). The sdkmanager-latest emulator (36.6.11)
@ -79,7 +84,7 @@ export DISPLAY=:0
Xvfb :0 -screen 0 "$SCREEN_GEOMETRY" -nolisten tcp &
sleep 1
openbox &
x11vnc -display :0 -nopw -forever -shared -quiet -bg
x11vnc -display :0 -nopw -forever -shared -quiet -nolookup -bg
websockify --web /usr/share/novnc 6080 localhost:5900 &
# --- emulator -----------------------------------------------------------------

2
stacks/android-emulator/variables.tf
View file

@ -5,6 +5,6 @@ variable "tls_secret_name" {
variable "image_tag" {
type = string
default = "api36-v5"
default = "api36-v6"
description = "android-emulator image tag at forgejo.viktorbarzin.me/viktor/android-emulator. Built + pushed manually from stacks/android-emulator/docker/ (see README.md) — bump this when the image is rebuilt."
}