aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile2
-rw-r--r--pkg/specgen/generate/container.go7
-rw-r--r--pkg/specgen/generate/oci.go44
3 files changed, 46 insertions, 7 deletions
diff --git a/Makefile b/Makefile
index d4edbd5f7..f389bcb35 100644
--- a/Makefile
+++ b/Makefile
@@ -474,7 +474,7 @@ install: .gopathok install.bin install.remote install.man install.cni install.sy
install.remote: podman-remote
install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR)
install ${SELINUXOPT} -m 755 bin/podman-remote $(DESTDIR)$(BINDIR)/podman-remote
- test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman bin/podman-remote
+ test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman-remote bin/podman-remote
.PHONY: install.bin
install.bin: podman
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index d8d3bf11d..8c02731fd 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -13,6 +13,7 @@ import (
)
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error {
+ var appendEntryPoint bool
newImage, err := r.ImageRuntime().NewFromLocal(s.Image)
if err != nil {
@@ -100,6 +101,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
return err
}
if len(s.Entrypoint) < 1 && len(entrypoint) > 0 {
+ appendEntryPoint = true
s.Entrypoint = entrypoint
}
command, err := newImage.Cmd(ctx)
@@ -107,7 +109,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
return err
}
if len(s.Command) < 1 && len(command) > 0 {
- s.Command = command
+ if appendEntryPoint {
+ s.Command = entrypoint
+ }
+ s.Command = append(s.Command, command...)
}
if len(s.Command) < 1 && len(s.Entrypoint) < 1 {
return errors.Errorf("No command provided or as CMD or ENTRYPOINT in this image")
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0ed091f9a..fc269cd44 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -12,6 +12,42 @@ import (
"github.com/opencontainers/runtime-tools/generate"
)
+func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
+ var (
+ kernelMax uint64 = 1048576
+ isRootless = rootless.IsRootless()
+ nofileSet = false
+ nprocSet = false
+ )
+
+ if s.Rlimits == nil {
+ g.Config.Process.Rlimits = nil
+ return nil
+ }
+
+ for _, u := range s.Rlimits {
+ name := "RLIMIT_" + strings.ToUpper(u.Type)
+ if name == "RLIMIT_NOFILE" {
+ nofileSet = true
+ } else if name == "RLIMIT_NPROC" {
+ nprocSet = true
+ }
+ g.AddProcessRlimits(name, u.Hard, u.Soft)
+ }
+
+ // If not explicitly overridden by the user, default number of open
+ // files and number of processes to the maximum they can be set to
+ // (without overriding a sysctl)
+ if !nofileSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
+ }
+ if !nprocSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ }
+
+ return nil
+}
+
func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.Image) (*spec.Spec, error) {
var (
inUserNS bool
@@ -176,11 +212,9 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
g.AddProcessEnv(name, val)
}
- // TODO rlimits and ulimits needs further refinement by someone more
- // familiar with the code.
- //if err := addRlimits(config, &g); err != nil {
- // return nil, err
- //}
+ if err := addRlimits(s, &g); err != nil {
+ return nil, err
+ }
// NAMESPACES
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-28 23:56:16 +0000