podman pod create --memory

using the new resource backend, implement podman pod create --memory which enables users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all children unless overriden Signed-off-by: Charlie Doern <cdoern@redhat.com>
author: Charlie Doern <cdoern@redhat.com> 2022-06-28 12:11:29 -0400
committer: Charlie Doern <cdoern@redhat.com> 2022-07-01 13:44:32 -0400
commit: b92149e2a8ce596b2839ec404e2ebd457943848f (patch)
tree: 1223e8b4594b40413a749c5d0025f5c4a6106f8a /vendor/github.com
parent: b00e65aa9c071428579a55f91a92f3702765ed85 (diff)
download: podman-b92149e2a8ce596b2839ec404e2ebd457943848f.tar.gz
podman-b92149e2a8ce596b2839ec404e2ebd457943848f.tar.bz2
podman-b92149e2a8ce596b2839ec404e2ebd457943848f.zip
3 files changed, 8 insertions, 2 deletions
diff --git a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
index a45358f9b..ee9f584de 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
@@ -152,10 +152,10 @@ func resourcesToProps(res *configs.Resources) (map[string]uint64, map[string]str
 
 	// Mem
 	if res.Memory != 0 {
-		iMap["MemoryMax"] = res.Memory
+		uMap["MemoryMax"] = uint64(res.Memory)
 	}
 	if res.MemorySwap != 0 {
-		iMap["MemorySwapMax"] = res.MemorySwap
+		uMap["MemorySwapMax"] = uint64(res.MemorySwap)
 	}
 
 	// Blkio
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index 3712afc71..0db77879c 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -221,6 +221,9 @@ func DefaultProfile() *Seccomp {
 				"ipc",
 				"keyctl",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index 442632e7d..18674db4d 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -228,6 +228,9 @@
 				"ipc",
 				"keyctl",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
author	Charlie Doern <cdoern@redhat.com>	2022-06-28 12:11:29 -0400
committer	Charlie Doern <cdoern@redhat.com>	2022-07-01 13:44:32 -0400
commit	b92149e2a8ce596b2839ec404e2ebd457943848f (patch)
tree	1223e8b4594b40413a749c5d0025f5c4a6106f8a /vendor/github.com
parent	b00e65aa9c071428579a55f91a92f3702765ed85 (diff)
download	podman-b92149e2a8ce596b2839ec404e2ebd457943848f.tar.gz podman-b92149e2a8ce596b2839ec404e2ebd457943848f.tar.bz2 podman-b92149e2a8ce596b2839ec404e2ebd457943848f.zip