diff options
| -rw-r--r-- | cmd/kpod/spec.go | 28 | ||||
| -rw-r--r-- | test/kpod_run.bats | 17 |
2 files changed, 39 insertions, 6 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go index d31f9c8ed..5033e9d09 100644 --- a/cmd/kpod/spec.go +++ b/cmd/kpod/spec.go @@ -7,6 +7,7 @@ import ( "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" + "github.com/docker/go-units" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" @@ -16,6 +17,22 @@ import ( "golang.org/x/sys/unix" ) +func addRlimits(config *createConfig, g *generate.Generator) error { + var ( + ul *units.Ulimit + err error + ) + + for _, u := range config.resources.ulimit { + if ul, err = units.ParseUlimit(u); err != nil { + return errors.Wrapf(err, "ulimit option %q requires name=SOFT:HARD, failed to be parsed", u) + } + + g.AddProcessRlimits("RLIMIT_"+strings.ToUpper(ul.Name), uint64(ul.Soft), uint64(ul.Hard)) + } + return nil +} + func setupCapabilities(config *createConfig, configSpec *spec.Spec) error { var err error var caplist []string @@ -131,6 +148,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { g.AddProcessEnv(name, val) } + if err := addRlimits(config, &g); err != nil { + return nil, err + } + configSpec := g.Spec() if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" { @@ -154,12 +175,7 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { } /* - // Rlimits []PosixRlimit // Where does this come from - // Type string - // Hard uint64 - // Limit uint64 - OOMScoreAdj: &config.resources.oomScoreAdj, - }, + OOMScoreAdj: &config.resources.oomScoreAdj, Hooks: &configSpec.Hooks{}, //Annotations Resources: &configSpec.LinuxResources{ diff --git a/test/kpod_run.bats b/test/kpod_run.bats index bcc1d816d..203fcc0cc 100644 --- a/test/kpod_run.bats +++ b/test/kpod_run.bats @@ -90,3 +90,20 @@ function setup() { # echo "$output" # [ "$status" -eq 0 ] } + +IMAGE="docker.io/library/fedora:latest" + +@test "run limits test" { + + ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${IMAGE} + + run ${KPOD_BINARY} ${KPOD_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched + echo $output + [ "$status" -eq 0 ] + + run bash -c "export FOO=BAR; ${KPOD_BINARY} ${KPOD_OPTIONS} run --ulimit nofile=2048:2048 ${IMAGE} ulimit -n | tr -d '\r'" + echo $output + [ "$status" -eq 0 ] + [ "$output" = 2048 ] + +} |