Allow a value of -1 to set unlimited pids limit

Users can set --pids-limit to -1 now to set unlimited
pids limit for a container - this matches the convention.

[NO TESTS NEEDED]

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

5 files changed, 8 insertions, 5 deletions

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index a969e17e9..e490fa121 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -421,7 +421,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		pidsLimitFlagName := "pids-limit"
 		createFlags.Int64(
 			pidsLimitFlagName, pidsLimit(),
-			"Tune container pids limit (set 0 for unlimited, -1 for server defaults)",
+			"Tune container pids limit (set -1 for unlimited)",
 		)
 		_ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone)
 
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 8b27de53e..aa34f9ba5 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -224,6 +224,10 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 
 		if c.Flags().Changed("pids-limit") {
 			val := c.Flag("pids-limit").Value.String()
+			// Convert -1 to 0, so that -1 maps to unlimited pids limit
+			if val == "-1" {
+				val = "0"
+			}
 			pidsLimit, err := strconv.ParseInt(val, 10, 32)
 			if err != nil {
 				return vals, err
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index f63f5ca9c..c8d01b2f8 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -728,7 +728,7 @@ Default is to create a private PID namespace for the container
 
 #### **--pids-limit**=*limit*
 
-Tune the container's pids limit. Set `0` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
+Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
 
 #### **--platform**=*OS/ARCH*
 
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 6d68fd62b..2fd4a6edd 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -751,7 +751,7 @@ The default is to create a private PID namespace for the container.
 
 #### **--pids-limit**=*limit*
 
-Tune the container's pids limit. Set to **0** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
+Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
 
 #### **--platform**=*OS/ARCH*
 
diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go
index 50efe7fa3..b0d84825e 100644
--- a/pkg/specgen/generate/validate.go
+++ b/pkg/specgen/generate/validate.go
@@ -72,10 +72,9 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error
 
 	// Pids checks
 	if s.ResourceLimits.Pids != nil {
-		pids := s.ResourceLimits.Pids
 		// TODO: Should this be 0, or checking that ResourceLimits.Pids
 		// is set at all?
-		if pids.Limit > 0 && !sysInfo.PidsLimit {
+		if s.ResourceLimits.Pids.Limit >= 0 && !sysInfo.PidsLimit {
 			warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
 			s.ResourceLimits.Pids = nil
 		}