diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-12 10:09:09 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-12 10:09:09 -0700 |
commit | 5b4e91db73a80f31f67b7c28832527e64b074b74 (patch) | |
tree | c138a694b405e3ba72c11d570cb8494851ae19ef | |
parent | 38c4b9bcc0296a1fe7efc5bb6058e8aaa5ecae6f (diff) | |
parent | 664e0595dda658093f72673d8df8c32760b9845f (diff) | |
download | podman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.gz podman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.bz2 podman-5b4e91db73a80f31f67b7c28832527e64b074b74.zip |
Merge pull request #6174 from giuseppe/fix-events-rootless
rootless: do not set pids limits with cgroupfs
-rw-r--r-- | cmd/podman/common/specgen.go | 28 | ||||
-rw-r--r-- | cmd/podman/containers/create.go | 3 | ||||
-rw-r--r-- | test/e2e/events_test.go | 1 | ||||
-rw-r--r-- | test/e2e/run_networking_test.go | 5 |
4 files changed, 21 insertions, 16 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 664e66df8..1fabff378 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -8,12 +8,14 @@ import ( "strings" "time" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/libpod/cmd/podman/parse" "github.com/containers/libpod/libpod/define" ann "github.com/containers/libpod/pkg/annotations" envLib "github.com/containers/libpod/pkg/env" ns "github.com/containers/libpod/pkg/namespaces" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" systemdGen "github.com/containers/libpod/pkg/systemd/generate" "github.com/containers/libpod/pkg/util" @@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) ( return io, nil } -func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) { +func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids { pids := &specs.LinuxPids{} - hasLimits := false - if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 { - return nil, nil + if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 { + return nil + } + if c.PIDsLimit < 0 { + if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager { + return nil + } + pids.Limit = containerConfig.PidsLimit() + return pids } if c.PIDsLimit > 0 { pids.Limit = c.PIDsLimit - hasLimits = true + return pids } - if !hasLimits { - return nil, nil - } - return pids, nil + return nil } func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) { @@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string if err != nil { return err } - s.ResourceLimits.Pids, err = getPidsLimits(s, c, args) - if err != nil { - return err - } + s.ResourceLimits.Pids = getPidsLimits(s, c, args) s.ResourceLimits.CPU, err = getCPULimits(s, c, args) if err != nil { return err diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 2ecdda2e0..5058cdfe5 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error { if c.Flag("pid").Changed { cliVals.PID = c.Flag("pid").Value.String() } + if !c.Flag("pids-limit").Changed { + cliVals.PIDsLimit = -1 + } if c.Flag("cgroupns").Changed { cliVals.CGroupsNS = c.Flag("cgroupns").Value.String() } diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go index 4cd5de05e..0636af74c 100644 --- a/test/e2e/events_test.go +++ b/test/e2e/events_test.go @@ -19,7 +19,6 @@ var _ = Describe("Podman events", func() { ) BeforeEach(func() { - SkipIfRootlessV2() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 6a93da085..9db2f5d49 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -19,7 +19,6 @@ var _ = Describe("Podman run networking", func() { ) BeforeEach(func() { - SkipIfRootlessV2() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -193,6 +192,8 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose duplicate host port results in error", func() { + SkipIfRootless() + session := podmanTest.Podman([]string{"run", "-dt", "-p", "80", ALPINE, "/bin/sh"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -202,7 +203,7 @@ var _ = Describe("Podman run networking", func() { Expect(inspect.ExitCode()).To(Equal(0)) containerConfig := inspect.InspectContainerToJSON() - Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal("80")) + Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal(80)) }) It("podman run hostname test", func() { |