diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go
index 9dd056ad502..5a289ba7cb5 100644
--- a/libcontainer/integration/exec_test.go
+++ b/libcontainer/integration/exec_test.go
@@ -136,11 +136,13 @@ func testRlimit(t *testing.T, userns bool) {
 config := newTemplateConfig(t, &tParam{userns: userns})
- // ensure limit is lower than what the config requests to test that in a user namespace
+ // Ensure limit is lower than what the config requests to test that in a user namespace
 // the Setrlimit call happens early enough that we still have permissions to raise the limit.
+ // Do not change the Cur value to be equal to the Max value, please see:
+ // https://github.com/opencontainers/runc/pull/4265#discussion_r1589666444
 ok(t, unix.Setrlimit(unix.RLIMIT_NOFILE, &unix.Rlimit{
 Max: 1024,
- Cur: 1024,
+ Cur: 512,
 }))
 out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n")
diff --git a/tests/integration/rlimits.bats b/tests/integration/rlimits.bats
new file mode 100644
index 00000000000..716321ae5df
--- /dev/null
+++ b/tests/integration/rlimits.bats
@@ -0,0 +1,89 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+ # Do not change the Cur value to be equal to the Max value
+ # Because in some environments, the soft and hard nofile limit have the same value.
+ [ $EUID -eq 0 ] && prlimit --nofile=1024:65536 -p $$
+ setup_busybox
+}
+
+function teardown() {
+ teardown_bundle
+}
+
+@test "runc run with RLIMIT_NOFILE(The same as system's hard value)" {
+ # https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+ hard=$(ulimit -n -H)
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${hard}}]"
+ update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+ runc run test_ulimit
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${hard}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Bigger than system's hard value)" {
+ requires root
+ # https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+ hard=$(ulimit -n -H)
+ val=$((hard + 1))
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+ update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+ runc run test_ulimit
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${val}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Smaller than system's hard value)" {
+ hard=$(ulimit -n -H)
+ val=$((hard - 1))
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+ update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+ runc run test_ulimit
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${val}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(The same as system's hard value)" {
+ hard=$(ulimit -n -H)
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${hard}}]"
+
+ runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+ [ "$status" -eq 0 ]
+
+ runc exec test_busybox /bin/sh -c "ulimit -n"
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${hard}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Bigger than system's hard value)" {
+ requires root
+ hard=$(ulimit -n -H)
+ val=$((hard + 1))
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+
+ runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+ [ "$status" -eq 0 ]
+
+ runc exec test_busybox /bin/sh -c "ulimit -n"
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${val}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Smaller than system's hard value)" {
+ hard=$(ulimit -n -H)
+ val=$((hard - 1))
+ update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+
+ runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+ [ "$status" -eq 0 ]
+
+ # issue: https://github.com/opencontainers/runc/issues/4195
+ runc exec test_busybox /bin/sh -c "ulimit -n"
+ [ "$status" -eq 0 ]
+ [[ "${output}" == "${val}" ]]
+}
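Review bot: Every case in rlimits.bats configures `soft` equal to `hard` and asserts only `ulimit -n`, so nothing here pins the container's limits when the configured soft value is below the hard one, and the hard limit itself is never checked. RLIMIT_NOFILE is a resource-exhaustion control, and a regression that only shows when soft is below hard (for instance the exec'd process ending up with the hard value as its soft limit) would pass all six tests. A case with distinct values that asserts both the soft and the hard limit would close that gap, as sketched below. Separately, `setup()` only adjusts the host limits when `$EUID` is 0, so in rootless runs the soft/hard separation its comment asks for depends on the environment.

```shell
@test "runc exec with RLIMIT_NOFILE(soft lower than hard)" {
	hard=$(ulimit -n -H)
	soft=$((hard / 2))
	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${soft}}]"

	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
	[ "$status" -eq 0 ]

	# Check both values: the soft limit must not be raised to the hard one.
	runc exec test_busybox /bin/sh -c "ulimit -S -n; ulimit -H -n"
	[ "$status" -eq 0 ]
	[[ "${lines[0]}" == "${soft}" ]]
	[[ "${lines[1]}" == "${hard}" ]]
}
```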