diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-12 10:09:09 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-12 10:09:09 -0700 |
commit | 5b4e91db73a80f31f67b7c28832527e64b074b74 (patch) | |
tree | c138a694b405e3ba72c11d570cb8494851ae19ef /cmd/podman/common/specgen.go | |
parent | 38c4b9bcc0296a1fe7efc5bb6058e8aaa5ecae6f (diff) | |
parent | 664e0595dda658093f72673d8df8c32760b9845f (diff) | |
download | podman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.gz podman-5b4e91db73a80f31f67b7c28832527e64b074b74.tar.bz2 podman-5b4e91db73a80f31f67b7c28832527e64b074b74.zip |
Merge pull request #6174 from giuseppe/fix-events-rootless
rootless: do not set pids limits with cgroupfs
Diffstat (limited to 'cmd/podman/common/specgen.go')
-rw-r--r-- | cmd/podman/common/specgen.go | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 664e66df8..1fabff378 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -8,12 +8,14 @@ import ( "strings" "time" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/libpod/cmd/podman/parse" "github.com/containers/libpod/libpod/define" ann "github.com/containers/libpod/pkg/annotations" envLib "github.com/containers/libpod/pkg/env" ns "github.com/containers/libpod/pkg/namespaces" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" systemdGen "github.com/containers/libpod/pkg/systemd/generate" "github.com/containers/libpod/pkg/util" @@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) ( return io, nil } -func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) { +func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids { pids := &specs.LinuxPids{} - hasLimits := false - if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 { - return nil, nil + if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 { + return nil + } + if c.PIDsLimit < 0 { + if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager { + return nil + } + pids.Limit = containerConfig.PidsLimit() + return pids } if c.PIDsLimit > 0 { pids.Limit = c.PIDsLimit - hasLimits = true + return pids } - if !hasLimits { - return nil, nil - } - return pids, nil + return nil } func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) { @@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string if err != nil { return err } - s.ResourceLimits.Pids, err = getPidsLimits(s, c, args) - if err != nil { - return err - } + s.ResourceLimits.Pids = getPidsLimits(s, c, args) s.ResourceLimits.CPU, err = getCPULimits(s, c, args) if err != nil { return err |