summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-10-07 15:01:27 -0700
committerGitHub <noreply@github.com>2019-10-07 15:01:27 -0700
commitc817ea1b33966c2f1f089b5c086df8cc45437065 (patch)
treeeccc53908a469d5b71234bebf5957a70a8f9fd3a /pkg
parent589261f275b485d78a6ac1bd7b95578257fc020f (diff)
parent118cf1fc634ffc63b908d6b082ffc3a53553a6af (diff)
downloadpodman-c817ea1b33966c2f1f089b5c086df8cc45437065.tar.gz
podman-c817ea1b33966c2f1f089b5c086df8cc45437065.tar.bz2
podman-c817ea1b33966c2f1f089b5c086df8cc45437065.zip
Merge pull request #4032 from rhatdan/pids-limit
Setup a reasonable default for pids-limit 4096
Diffstat (limited to 'pkg')
-rw-r--r--pkg/spec/spec.go23
-rw-r--r--pkg/sysinfo/sysinfo.go9
-rw-r--r--pkg/sysinfo/sysinfo_linux.go15
3 files changed, 40 insertions, 7 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c7aa003e8..57c6e8da7 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/sysinfo"
"github.com/docker/docker/oci/caps"
"github.com/docker/go-units"
"github.com/opencontainers/runc/libcontainer/user"
@@ -300,9 +301,25 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
blockAccessToKernelFilesystems(config, &g)
// RESOURCES - PIDS
- if config.Resources.PidsLimit != 0 {
- g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
- addedResources = true
+ if config.Resources.PidsLimit > 0 {
+ // if running on rootless on a cgroupv1 machine, pids limit is
+ // not supported. If the value is still the default
+ // then ignore the settings. If the caller asked for a
+ // non-default, then try to use it.
+ setPidLimit := true
+ if rootless.IsRootless() {
+ cgroup2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if !cgroup2 && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
+ setPidLimit = false
+ }
+ }
+ if setPidLimit {
+ g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
+ addedResources = true
+ }
}
for name, val := range config.Env {
diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go
index f046de4b1..686f66ce5 100644
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@@ -142,3 +142,12 @@ func popcnt(x uint64) (n byte) {
x *= 0x0101010101010101
return byte(x >> 56)
}
+
+// GetDefaultPidsLimit returns the default pids limit to run containers with
+func GetDefaultPidsLimit() int64 {
+ sysInfo := New(true)
+ if !sysInfo.PidsLimit {
+ return 0
+ }
+ return 4096
+}
diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go
index 9e675c655..76bda23c6 100644
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@@ -7,6 +7,7 @@ import (
"path"
"strings"
+ cg "github.com/containers/libpod/pkg/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -227,12 +228,18 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI
// checkCgroupPids reads the pids information from the pids cgroup mount point.
func checkCgroupPids(quiet bool) cgroupPids {
- _, err := cgroups.FindCgroupMountpoint("", "pids")
+ cgroup2, err := cg.IsCgroup2UnifiedMode()
if err != nil {
- if !quiet {
- logrus.Warn(err)
+ logrus.Errorf("Failed to check cgroups version: %v", err)
+ }
+ if !cgroup2 {
+ _, err := cgroups.FindCgroupMountpoint("", "pids")
+ if err != nil {
+ if !quiet {
+ logrus.Warn(err)
+ }
+ return cgroupPids{}
}
- return cgroupPids{}
}
return cgroupPids{