author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-11-09 15:56:50 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-09 15:56:50 +0000 |
commit | abc77b42219aaccf5cf1a1c9f1202c1525c0d807 (patch) | |
tree | 73b459205f83f70a6b17c779a7ffbe06a9c83aa3 /pkg | |
parent | e2b82e6245ed9459a37dc004a2b1d593d2835cb7 (diff) | |
parent | 71a46764041da966805dfb40cc0f2a89a2848307 (diff) | |
Merge pull request #8245 from baude/rootlesscreatecompat
rootless container creation settings
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/api/handlers/compat/containers_create.go | 7 | ||||
-rw-r--r-- | pkg/specgen/container_validate.go | 35 |
2 files changed, 40 insertions, 2 deletions
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 87c95a24c..f9407df1a 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -38,6 +38,11 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 utils.Error(w, utils.ErrLinkNotSupport.Error(), http.StatusBadRequest, errors.Wrapf(utils.ErrLinkNotSupport, "bad parameter"))
 return
 }
+ rtc, err := runtime.GetConfig()
+ if err != nil {
+ utils.Error(w, "unable to obtain runtime config", http.StatusInternalServerError, errors.Wrap(err, "unable to get runtime config"))
+ }
+
 newImage, err := runtime.ImageRuntime().NewFromLocal(input.Image)
 if err != nil {
 if errors.Cause(err) == define.ErrNoSuchImage {
@@ -50,7 +55,7 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 }
 // Take input structure and convert to cliopts
- cliOpts, args, err := common.ContainerCreateToContainerCLIOpts(input)
+ cliOpts, args, err := common.ContainerCreateToContainerCLIOpts(input, rtc.Engine.CgroupManager)
 if err != nil {
 utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "make cli opts()"))
 return
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index dc9e6b9d8..a0d36f865 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -1,11 +1,13 @@
 package specgen
 import (
+ "strconv"
 "strings"
 "github.com/containers/podman/v2/libpod/define"
 "github.com/containers/podman/v2/pkg/rootless"
 "github.com/containers/podman/v2/pkg/util"
+ "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/pkg/errors"
 )
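Review bot: In pkg/api/handlers/compat/containers_create.go, the error branch added after `runtime.GetConfig()` has no `return`, so when the call fails the handler reports the 500 and then keeps executing. `rtc` is presumably nil at that point, and the second hunk of this file reads `rtc.Engine.CgroupManager`, which would then dereference a nil pointer inside a request handler and attempt a second response on the same writer. Add `return` directly after the `utils.Error(...)` call, as the other error branches visible in this function already do. CreateContainer's body starts and ends outside the hunk.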
@@ -144,7 +146,38 @@ func (s *SpecGenerator) Validate() error {
 //default:
 // return errors.New("unrecognized option for cgroups; supported are 'default', 'disabled', 'no-conmon'")
 //}
-
+ invalidUlimitFormatError := errors.New("invalid default ulimit definition must be form of type=soft:hard")
+ //set ulimits if not rootless
+ if len(s.ContainerResourceConfig.Rlimits) < 1 && !rootless.IsRootless() {
+ // Containers common defines this as something like nproc=4194304:4194304
+ tmpnproc := containerConfig.Ulimits()
+ var posixLimits []specs.POSIXRlimit
+ for _, limit := range tmpnproc {
+ limitSplit := strings.SplitN(limit, "=", 2)
+ if len(limitSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing = in %s", limit)
+ }
+ valueSplit := strings.SplitN(limitSplit[1], ":", 2)
+ if len(valueSplit) < 2 {
+ return errors.Wrapf(invalidUlimitFormatError, "missing : in %s", limit)
+ }
+ hard, err := strconv.Atoi(valueSplit[0])
+ if err != nil {
+ return err
+ }
+ soft, err := strconv.Atoi(valueSplit[1])
+ if err != nil {
+ return err
+ }
+ posixLimit := specs.POSIXRlimit{
+ Type: limitSplit[0],
+ Hard: uint64(hard),
+ Soft: uint64(soft),
+ }
+ posixLimits = append(posixLimits, posixLimit)
+ }
+ s.ContainerResourceConfig.Rlimits = posixLimits
+ }
 // Namespaces
 if err := s.UtsNS.validate(); err != nil {
 return err |
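Review bot: The soft and hard values are swapped in the new ulimit loop: the error text documents the format as type=soft:hard, yet `valueSplit[0]` is parsed into `hard` and `valueSplit[1]` into `soft`, so any default whose two numbers differ ends up with a soft limit above the hard limit. The values also go through `strconv.Atoi` and an unchecked `uint64(...)` conversion, so a negative number silently wraps to a very large limit, and the Atoi errors are returned without naming the offending entry. Parsing as unsigned 64-bit, wrapping the errors, and rejecting soft > hard closes these gaps. If the configuration is meant to accept -1 for "unlimited", that case needs an explicit branch rather than relying on wrap-around. Validate's body starts and ends outside the hunk.

```go
			// … unchanged: limitSplit / valueSplit parsing and their format checks …
			// Format is type=soft:hard, so the first value is the soft limit.
			soft, err := strconv.ParseUint(valueSplit[0], 10, 64)
			if err != nil {
				return errors.Wrapf(invalidUlimitFormatError, "bad soft limit in %s", limit)
			}
			hard, err := strconv.ParseUint(valueSplit[1], 10, 64)
			if err != nil {
				return errors.Wrapf(invalidUlimitFormatError, "bad hard limit in %s", limit)
			}
			if soft > hard {
				return errors.Wrapf(invalidUlimitFormatError, "soft limit exceeds hard limit in %s", limit)
			}
			posixLimits = append(posixLimits, specs.POSIXRlimit{
				Type: limitSplit[0],
				Hard: hard,
				Soft: soft,
			})
```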