author | Daniel J Walsh <dwalsh@redhat.com> | 2019-09-14 06:21:10 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-10-04 16:09:13 -0400 |
commit | 118cf1fc634ffc63b908d6b082ffc3a53553a6af (patch) | |
tree | 8d7f04fd776b39f6b685ce1a37d2f4935e39915c /pkg/spec | |
parent | bd08fc0e9b3a9943008585879877b68789e38c31 (diff) | |
Setup a reasonable default for pids-limit 4096
CRI-O defaults to 1024 for the maximum pids in a container. Podman
should have a similar limit. Once we have a containers.conf, we can
set the limit in this file, and have it easily customizable.
Currently the documentation says that -1 sets pids-limit=max, but -1 fails.
This patch allows -1, and also indicates that 0 sets the max pids limit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/spec.go | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c7aa003e8..57c6e8da7 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -7,6 +7,7 @@ import (
 "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/pkg/cgroups"
 "github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/sysinfo"
 "github.com/docker/docker/oci/caps"
 "github.com/docker/go-units"
 "github.com/opencontainers/runc/libcontainer/user"
@@ -300,9 +301,25 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 blockAccessToKernelFilesystems(config, &g)
 // RESOURCES - PIDS
- if config.Resources.PidsLimit != 0 {
- g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
- addedResources = true
+ if config.Resources.PidsLimit > 0 {
+ // if running on rootless on a cgroupv1 machine, pids limit is
+ // not supported. If the value is still the default
+ // then ignore the settings. If the caller asked for a
+ // non-default, then try to use it.
+ setPidLimit := true
+ if rootless.IsRootless() {
+ cgroup2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if !cgroup2 && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
+ setPidLimit = false
+ }
+ }
+ if setPidLimit {
+ g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
+ addedResources = true
+ }
 }
 for name, val := range config.Env { |
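Review bot: In the rootless branch of the new PIDS block, a limit equal to `sysinfo.GetDefaultPidsLimit()` is dropped silently on cgroup v1, so the container starts with no PID cap and nothing tells the operator that this guard against process exhaustion is absent. The equality test also cannot distinguish an untouched default from a caller who explicitly passed the same number, so an explicit request is ignored in the same way. I would log where `setPidLimit = false` is assigned, for example `logrus.Warn("pids limit not supported for rootless containers on cgroup v1; running without a pids limit")` if that logger is already imported (the import block is only partly visible here), and ideally record whether the option was set by the user instead of comparing values. Separately, `config.Resources.PidsLimit > 0` treats every negative value like -1, so a mistyped negative limit quietly means unlimited; rejecting values below -1 before this point would make that explicit. The enclosing function createConfigToOCISpec starts and ends outside the hunk.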