authorbaude <bbaude@redhat.com>2020-11-04 11:50:18 -0600
committerbaude <bbaude@redhat.com>2020-11-05 12:27:48 -0600
commit71a46764041da966805dfb40cc0f2a89a2848307 (patch)
treeb4da4aef409c37f5f183013175e3bea91b4f3cbf /pkg
parent4d013caffcb0088e589ab65bc01208d53a71f922 (diff)
rootless container creation settings
When running container creation as rootless on the compatibility layer, we need to make sure that memory and memory swappiness settings are not applied.
Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/compat/containers_create.go7
-rw-r--r--pkg/specgen/container_validate.go35
2 files changed, 40 insertions, 2 deletions
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 87c95a24c..f9407df1a 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -38,6 +38,11 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
utils.Error(w, utils.ErrLinkNotSupport.Error(), http.StatusBadRequest, errors.Wrapf(utils.ErrLinkNotSupport, "bad parameter"))
return
}
+ rtc, err := runtime.GetConfig()
+ if err != nil {
+ utils.Error(w, "unable to obtain runtime config", http.StatusInternalServerError, errors.Wrap(err, "unable to get runtime config"))
+ }
+
newImage, err := runtime.ImageRuntime().NewFromLocal(input.Image)
if err != nil {
if errors.Cause(err) == define.ErrNoSuchImage {
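Review bot: The error branch added after `runtime.GetConfig()` calls `utils.Error` but has no `return`, so the handler keeps running after it has already written a 500 response. On that path the later hunk in this file reads `rtc.Engine.CgroupManager`, which will panic if `GetConfig` returns a nil config alongside the error, and a second response may be written to the same `ResponseWriter`. Add `return` directly after the `utils.Error(...)` call, as the neighbouring error branches do. CreateContainer starts and ends outside this hunk.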
@@ -50,7 +55,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
}
// Take input structure and convert to cliopts
- cliOpts, args, err := common.ContainerCreateToContainerCLIOpts(input)
+ cliOpts, args, err := common.ContainerCreateToContainerCLIOpts(input, rtc.Engine.CgroupManager)
if err != nil {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "make cli opts()"))
return
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index dc9e6b9d8..a0d36f865 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -1,11 +1,13 @@
package specgen
import (
+ "strconv"
"strings"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
+ "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
)
@@ -144,7 +146,38 @@ func (s *SpecGenerator) Validate() error {
//default:
// return errors.New("unrecognized option for cgroups; supported are 'default', 'disabled', 'no-conmon'")
//}
-
+ invalidUlimitFormatError := errors.New("invalid default ulimit definition must be form of type=soft:hard")
+ //set ulimits if not rootless
+ if len(s.ContainerResourceConfig.Rlimits) < 1 && !rootless.IsRootless() {
+ // Containers common defines this as something like nproc=4194304:4194304
+ tmpnproc := containerConfig.Ulimits()
+ var posixLimits []specs.POSIXRlimit
+ for _, limit := range tmpnproc {
+ limitSplit := strings.SplitN(limit, "=", 2)
+ if len(limitSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing = in %s", limit)
+ }
+ valueSplit := strings.SplitN(limitSplit[1], ":", 2)
+ if len(valueSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing : in %s", limit)
+ }
+ hard, err := strconv.Atoi(valueSplit[0])
+ if err != nil {
+ return err
+ }
+ soft, err := strconv.Atoi(valueSplit[1])
+ if err != nil {
+ return err
+ }
+ posixLimit := specs.POSIXRlimit{
+ Type: limitSplit[0],
+ Hard: uint64(hard),
+ Soft: uint64(soft),
+ }
+ posixLimits = append(posixLimits, posixLimit)
+ }
+ s.ContainerResourceConfig.Rlimits = posixLimits
+ }
// Namespaces
if err := s.UtsNS.validate(); err != nil {
return err
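Review bot: The ulimit parsing in the added block assigns the two halves in the opposite order to the format its own error message documents (`type=soft:hard`): `valueSplit[0]` goes into `hard` and `valueSplit[1]` into `soft`. Any default where the two values differ would give the container a soft limit above its hard limit; the lines should read `soft, err := strconv.Atoi(valueSplit[0])` and `hard, err := strconv.Atoi(valueSplit[1])`. Converting the `Atoi` result with `uint64(...)` also turns a negative value into a very large limit without any error, so either reject negatives explicitly or document that `-1` is meant as unlimited. The two `return err` paths would be easier to diagnose if wrapped with the offending `limit` string, as the format errors above them are. `Validate` starts and ends outside this hunk, and `containerConfig` is not defined in the visible lines.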