while one can put --privileged and have /opt/gitlab/embedded/bin/runsvdir-start …

…handle everything, it is more "secure" to set the params using docker's ulimit and sysctl arguments. Note: this is for docker 1.10+ (or even 1.12+). These params are important for any serious deployment and should not be overlooked. Note: the ulimit warnings will still be there due to lack of perms to update. Ideally /opt/gitlab/embedded/bin/runsvdir-start should be updated and check if the value is not already greater than what it tries to set and skip trying to change it.