summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-05-12 10:09:09 -0700
committerGitHub <noreply@github.com>2020-05-12 10:09:09 -0700
commit5b4e91db73a80f31f67b7c28832527e64b074b74 (patch)
treec138a694b405e3ba72c11d570cb8494851ae19ef
parent38c4b9bcc0296a1fe7efc5bb6058e8aaa5ecae6f (diff)
parent664e0595dda658093f72673d8df8c32760b9845f (diff)
downloadpodman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.gz
podman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.bz2
podman-5b4e91db73a80f31f67b7c28832527e64b074b74.zip
Merge pull request #6174 from giuseppe/fix-events-rootless
rootless: do not set pids limits with cgroupfs
-rw-r--r--cmd/podman/common/specgen.go28
-rw-r--r--cmd/podman/containers/create.go3
-rw-r--r--test/e2e/events_test.go1
-rw-r--r--test/e2e/run_networking_test.go5
4 files changed, 21 insertions, 16 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 664e66df8..1fabff378 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -8,12 +8,14 @@ import (
"strings"
"time"
+ "github.com/containers/common/pkg/config"
"github.com/containers/image/v5/manifest"
"github.com/containers/libpod/cmd/podman/parse"
"github.com/containers/libpod/libpod/define"
ann "github.com/containers/libpod/pkg/annotations"
envLib "github.com/containers/libpod/pkg/env"
ns "github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/specgen"
systemdGen "github.com/containers/libpod/pkg/systemd/generate"
"github.com/containers/libpod/pkg/util"
@@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (
return io, nil
}
-func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) {
+func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids {
pids := &specs.LinuxPids{}
- hasLimits := false
- if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 {
- return nil, nil
+ if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
+ return nil
+ }
+ if c.PIDsLimit < 0 {
+ if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
+ return nil
+ }
+ pids.Limit = containerConfig.PidsLimit()
+ return pids
}
if c.PIDsLimit > 0 {
pids.Limit = c.PIDsLimit
- hasLimits = true
+ return pids
}
- if !hasLimits {
- return nil, nil
- }
- return pids, nil
+ return nil
}
func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) {
@@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if err != nil {
return err
}
- s.ResourceLimits.Pids, err = getPidsLimits(s, c, args)
- if err != nil {
- return err
- }
+ s.ResourceLimits.Pids = getPidsLimits(s, c, args)
s.ResourceLimits.CPU, err = getCPULimits(s, c, args)
if err != nil {
return err
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 2ecdda2e0..5058cdfe5 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error {
if c.Flag("pid").Changed {
cliVals.PID = c.Flag("pid").Value.String()
}
+ if !c.Flag("pids-limit").Changed {
+ cliVals.PIDsLimit = -1
+ }
if c.Flag("cgroupns").Changed {
cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
}
diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go
index 4cd5de05e..0636af74c 100644
--- a/test/e2e/events_test.go
+++ b/test/e2e/events_test.go
@@ -19,7 +19,6 @@ var _ = Describe("Podman events", func() {
)
BeforeEach(func() {
- SkipIfRootlessV2()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 6a93da085..9db2f5d49 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -19,7 +19,6 @@ var _ = Describe("Podman run networking", func() {
)
BeforeEach(func() {
- SkipIfRootlessV2()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
@@ -193,6 +192,8 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run network expose duplicate host port results in error", func() {
+ SkipIfRootless()
+
session := podmanTest.Podman([]string{"run", "-dt", "-p", "80", ALPINE, "/bin/sh"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -202,7 +203,7 @@ var _ = Describe("Podman run networking", func() {
Expect(inspect.ExitCode()).To(Equal(0))
containerConfig := inspect.InspectContainerToJSON()
- Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal("80"))
+ Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal(80))
})
It("podman run hostname test", func() {