authorbaude <bbaude@redhat.com>2020-11-04 11:50:18 -0600
committerbaude <bbaude@redhat.com>2020-11-05 12:27:48 -0600
commit71a46764041da966805dfb40cc0f2a89a2848307 (patch)
treeb4da4aef409c37f5f183013175e3bea91b4f3cbf /pkg/specgen/container_validate.go
parent4d013caffcb0088e589ab65bc01208d53a71f922 (diff)
rootless container creation settings
When running container creation as rootless on the compatibility layer, we need to make sure that memory and memory swappiness settings are not applied. Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'pkg/specgen/container_validate.go')
-rw-r--r--pkg/specgen/container_validate.go35
1 files changed, 34 insertions, 1 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index dc9e6b9d8..a0d36f865 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -1,11 +1,13 @@
package specgen
import (
+ "strconv"
"strings"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
+ "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
)
@@ -144,7 +146,38 @@ func (s *SpecGenerator) Validate() error {
//default:
// return errors.New("unrecognized option for cgroups; supported are 'default', 'disabled', 'no-conmon'")
//}
-
+ invalidUlimitFormatError := errors.New("invalid default ulimit definition must be form of type=soft:hard")
+ //set ulimits if not rootless
+ if len(s.ContainerResourceConfig.Rlimits) < 1 && !rootless.IsRootless() {
+ // Containers common defines this as something like nproc=4194304:4194304
+ tmpnproc := containerConfig.Ulimits()
+ var posixLimits []specs.POSIXRlimit
+ for _, limit := range tmpnproc {
+ limitSplit := strings.SplitN(limit, "=", 2)
+ if len(limitSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing = in %s", limit)
+ }
+ valueSplit := strings.SplitN(limitSplit[1], ":", 2)
+ if len(valueSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing : in %s", limit)
+ }
+ hard, err := strconv.Atoi(valueSplit[0])
+ if err != nil {
+ return err
+ }
+ soft, err := strconv.Atoi(valueSplit[1])
+ if err != nil {
+ return err
+ }
+ posixLimit := specs.POSIXRlimit{
+ Type: limitSplit[0],
+ Hard: uint64(hard),
+ Soft: uint64(soft),
+ }
+ posixLimits = append(posixLimits, posixLimit)
+ }
+ s.ContainerResourceConfig.Rlimits = posixLimits
+ }
// Namespaces
if err := s.UtsNS.validate(); err != nil {
return err
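Review bot: The soft and hard values are swapped in the added loop: the error text gives the format as type=soft:hard, yet `valueSplit[0]` is parsed into `hard` and `valueSplit[1]` into `soft`, so a default whose two values differ would be applied reversed. The `strconv.Atoi` result is also cast straight to `uint64`, so a negative value wraps to a very large limit instead of being rejected; parsing with `soft, err := strconv.ParseUint(valueSplit[0], 10, 64)` and `hard, err := strconv.ParseUint(valueSplit[1], 10, 64)` fixes both, and wrapping the parse error with the offending `limit` would match the two format checks above it. `Type` is set to the bare name from the config (the comment shows `nproc`), while the runtime spec's rlimit type is normally written in the `RLIMIT_NPROC` form, so that conversion looks missing and is worth confirming. Validate() starts before this hunk and continues past it.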