Pids-limit should only be set if the user set it

Currently we are sending over pids-limits from the user even if they never modified the defaults. The pids limit should be set at the server side unless modified by the user. This issue has led to failures on systems that were running with cgroups V1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: Daniel J Walsh <dwalsh@redhat.com> 2020-07-06 14:14:48 -0400
committer: Daniel J Walsh <dwalsh@redhat.com> 2020-07-06 14:14:48 -0400
commit: c4023a9302c81f04865646d765caf58ccf556cae (patch)
tree: f957873174291cfc4380478c43cf265757cbaf0c /cmd/podman/common/specgen.go
parent: 1a60550bef976a57777c75e055ad35ff8cf87f23 (diff)
download: podman-c4023a9302c81f04865646d765caf58ccf556cae.tar.gz
podman-c4023a9302c81f04865646d765caf58ccf556cae.tar.bz2
podman-c4023a9302c81f04865646d765caf58ccf556cae.zip
1 files changed, 7 insertions, 22 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index ae61e5283..b4f786da2 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -7,14 +7,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/libpod/v2/cmd/podman/parse"
 	"github.com/containers/libpod/v2/libpod/define"
 	ann "github.com/containers/libpod/v2/pkg/annotations"
 	envLib "github.com/containers/libpod/v2/pkg/env"
 	ns "github.com/containers/libpod/v2/pkg/namespaces"
-	"github.com/containers/libpod/v2/pkg/rootless"
 	"github.com/containers/libpod/v2/pkg/specgen"
 	systemdGen "github.com/containers/libpod/v2/pkg/systemd/generate"
 	"github.com/containers/libpod/v2/pkg/util"
@@ -127,25 +125,6 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.LinuxBlo
 	return io, nil
 }
 
-func getPidsLimits(c *ContainerCLIOpts) *specs.LinuxPids {
-	pids := &specs.LinuxPids{}
-	if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
-		return nil
-	}
-	if c.PIDsLimit < 0 {
-		if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
-			return nil
-		}
-		pids.Limit = containerConfig.PidsLimit()
-		return pids
-	}
-	if c.PIDsLimit > 0 {
-		pids.Limit = c.PIDsLimit
-		return pids
-	}
-	return nil
-}
-
 func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.LinuxMemory, error) {
 	var err error
 	memory := &specs.LinuxMemory{}
@@ -454,7 +433,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	if err != nil {
 		return err
 	}
-	s.ResourceLimits.Pids = getPidsLimits(c)
+	if c.PIDsLimit != nil {
+		pids := specs.LinuxPids{
+			Limit: *c.PIDsLimit,
+		}
+
+		s.ResourceLimits.Pids = &pids
+	}
 	s.ResourceLimits.CPU = getCPULimits(c)
 	if s.ResourceLimits.CPU == nil && s.ResourceLimits.Pids == nil && s.ResourceLimits.BlockIO == nil && s.ResourceLimits.Memory == nil {
 		s.ResourceLimits = nil
author	Daniel J Walsh <dwalsh@redhat.com>	2020-07-06 14:14:48 -0400
committer	Daniel J Walsh <dwalsh@redhat.com>	2020-07-06 14:14:48 -0400
commit	c4023a9302c81f04865646d765caf58ccf556cae (patch)
tree	f957873174291cfc4380478c43cf265757cbaf0c /cmd/podman/common/specgen.go
parent	1a60550bef976a57777c75e055ad35ff8cf87f23 (diff)
download	podman-c4023a9302c81f04865646d765caf58ccf556cae.tar.gz podman-c4023a9302c81f04865646d765caf58ccf556cae.tar.bz2 podman-c4023a9302c81f04865646d765caf58ccf556cae.zip