Setup a reasonable default for pids-limit 4096

CRI-O defaults to 1024 for the maximum pids in a container.  Podman
should have a similar limit. Once we have a containers.conf, we can
set the limit in this file, and have it easily customizable.

Currently the documentation says that -1 sets pids-limit=max, but -1 fails.
This patch allows -1, but also indicates that 0 also sets the max pids limit.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

2 files changed, 20 insertions, 4 deletions

diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go
index f046de4b1..686f66ce5 100644
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@@ -142,3 +142,12 @@ func popcnt(x uint64) (n byte) {
 	x *= 0x0101010101010101
 	return byte(x >> 56)
 }
+
+// GetDefaultPidsLimit returns the default pids limit to run containers with
+func GetDefaultPidsLimit() int64 {
+	sysInfo := New(true)
+	if !sysInfo.PidsLimit {
+		return 0
+	}
+	return 4096
+}
diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go
index 9e675c655..76bda23c6 100644
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@@ -7,6 +7,7 @@ import (
 	"path"
 	"strings"
 
+	cg "github.com/containers/libpod/pkg/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@@ -227,12 +228,18 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI
 
 // checkCgroupPids reads the pids information from the pids cgroup mount point.
 func checkCgroupPids(quiet bool) cgroupPids {
-	_, err := cgroups.FindCgroupMountpoint("", "pids")
+	cgroup2, err := cg.IsCgroup2UnifiedMode()
 	if err != nil {
-		if !quiet {
-			logrus.Warn(err)
+		logrus.Errorf("Failed to check cgroups version: %v", err)
+	}
+	if !cgroup2 {
+		_, err := cgroups.FindCgroupMountpoint("", "pids")
+		if err != nil {
+			if !quiet {
+				logrus.Warn(err)
+			}
+			return cgroupPids{}
 		}
-		return cgroupPids{}
 	}
 
 	return cgroupPids{