summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/kpod/spec.go28
-rw-r--r--test/kpod_run.bats17
2 files changed, 39 insertions, 6 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index d31f9c8ed..5033e9d09 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -7,6 +7,7 @@ import (
"github.com/docker/docker/daemon/caps"
"github.com/docker/docker/pkg/mount"
+ "github.com/docker/go-units"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -16,6 +17,22 @@ import (
"golang.org/x/sys/unix"
)
+func addRlimits(config *createConfig, g *generate.Generator) error {
+ var (
+ ul *units.Ulimit
+ err error
+ )
+
+ for _, u := range config.resources.ulimit {
+ if ul, err = units.ParseUlimit(u); err != nil {
+ return errors.Wrapf(err, "ulimit option %q requires name=SOFT:HARD, failed to be parsed", u)
+ }
+
+ g.AddProcessRlimits("RLIMIT_"+strings.ToUpper(ul.Name), uint64(ul.Soft), uint64(ul.Hard))
+ }
+ return nil
+}
+
func setupCapabilities(config *createConfig, configSpec *spec.Spec) error {
var err error
var caplist []string
@@ -131,6 +148,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
g.AddProcessEnv(name, val)
}
+ if err := addRlimits(config, &g); err != nil {
+ return nil, err
+ }
+
configSpec := g.Spec()
if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {
@@ -154,12 +175,7 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
/*
- // Rlimits []PosixRlimit // Where does this come from
- // Type string
- // Hard uint64
- // Limit uint64
- OOMScoreAdj: &config.resources.oomScoreAdj,
- },
+ OOMScoreAdj: &config.resources.oomScoreAdj,
Hooks: &configSpec.Hooks{},
//Annotations
Resources: &configSpec.LinuxResources{
diff --git a/test/kpod_run.bats b/test/kpod_run.bats
index bcc1d816d..203fcc0cc 100644
--- a/test/kpod_run.bats
+++ b/test/kpod_run.bats
@@ -90,3 +90,20 @@ function setup() {
# echo "$output"
# [ "$status" -eq 0 ]
}
+
+IMAGE="docker.io/library/fedora:latest"
+
+@test "run limits test" {
+
+ ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${IMAGE}
+
+ run ${KPOD_BINARY} ${KPOD_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched
+ echo $output
+ [ "$status" -eq 0 ]
+
+ run bash -c "export FOO=BAR; ${KPOD_BINARY} ${KPOD_OPTIONS} run --ulimit nofile=2048:2048 ${IMAGE} ulimit -n | tr -d '\r'"
+ echo $output
+ [ "$status" -eq 0 ]
+ [ "$output" = 2048 ]
+
+}