From 8e3760c29fb46f3be148adf87f9240994bdd1ba4 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 20 Oct 2021 10:54:13 -0400
Subject: Remove --kernel-memory options
Kernel memory option has been depracated in runtime-spec, It is believed that it will not work properly on certain kernels. runc ignores it. This PR removes documentation of the flag and also prints a warning if a user uses it. [NO NEW TESTS NEEDED]
Helps Fix: https://github.com/containers/podman/issues/12045
Signed-off-by: Daniel J Walsh
---
 cmd/podman/common/create.go | 3 +++
 cmd/podman/common/create_opts.go | 4 ++++
 docs/source/markdown/podman-create.1.md | 12 ------------
 docs/source/markdown/podman-run.1.md | 12 ------------
 4 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index a3ff37c19..6270bad16 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -319,6 +319,9 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 "Kernel memory limit "+sizeWithUnitFormat,
 )
 _ = cmd.RegisterFlagCompletionFunc(kernelMemoryFlagName, completion.AutocompleteNone)
+ // kernel-memory is deprecated in the runtime spec.
+ _ = createFlags.MarkHidden("kernel-memory")
+
 logDriverFlagName := "log-driver"
 createFlags.StringVar(
 &cf.LogDriver,
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 50d7c446d..223a91331 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -18,6 +18,7 @@ import (
 "github.com/containers/podman/v3/pkg/specgen"
 "github.com/docker/docker/api/types/mount"
 "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
 )
 func stringMaptoArray(m map[string]string) []string {
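Review bot: Hiding the flag in DefineCreateFlags (cmd/podman/common/create.go) leaves a CLI user who still passes --kernel-memory with no feedback; the only warning visible in this patch sits in ContainerCreateToContainerCLIOpts, which converts an API `CreateContainerConfig`, so as far as these hunks show it may never fire for the command line. Since the commit message says runc ignores the value, a limit the operator believes is enforced would be silently absent. pflag's `MarkDeprecated` hides the flag and also prints a message when it is used, e.g. `_ = createFlags.MarkDeprecated(kernelMemoryFlagName, "it is deprecated in the runtime spec and may be ignored by the runtime")`. Passing `kernelMemoryFlagName` rather than the `"kernel-memory"` literal would also keep the call in step with the RegisterFlagCompletionFunc line just above it. The function starts and ends outside the hunk.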
@@ -383,6 +384,9 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
 if cc.HostConfig.Memory > 0 {
 cliOpts.Memory = strconv.Itoa(int(cc.HostConfig.Memory))
 }
+ if cc.HostConfig.KernelMemory > 0 {
+ logrus.Warnf("The --kernel-memory flag has been deprecated. May not work properly on your system.")
+ }
 if cc.HostConfig.MemoryReservation > 0 {
 cliOpts.MemoryReservation = strconv.Itoa(int(cc.HostConfig.MemoryReservation))
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 0d4366dbe..ca104cb4e 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -487,18 +487,6 @@ Default is to create a private IPC namespace (POSIX SysV IPC) for the container
 `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
 `ns:` path to an IPC namespace to join.
-#### **--kernel-memory**=*number[unit]*
-
-Kernel memory limit (format: `[]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
-
-Constrains the kernel memory available to a container. If a limit of 0
-is specified (not using `--kernel-memory`), the container's kernel memory
-is not limited. If you specify a limit, it may be rounded up to a multiple
-of the operating system's page size and the value can be very large,
-millions of trillions.
-
-This flag is not supported on cgroups V2 systems.
-
 #### **--label**, **-l**=*label*
 Add metadata to a container (e.g., --label com.example.key=value)
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 30a9fad9a..d0b111037 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
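Review bot: The new branch in ContainerCreateToContainerCLIOpts only logs; nothing in the hunk copies `cc.HostConfig.KernelMemory` into `cliOpts` or reports anything to the caller, so an API client that sets KernelMemory appears to get a container without that limit and learns of it only if someone reads the service log. The message also names a `--kernel-memory` flag although this path is fed by an API request body, and `Warnf` is called without format arguments. Consider `logrus.Warn("KernelMemory in the create request is deprecated and may not be enforced")`, and returning the same text to the client if the handler has a way to pass warnings back. The function continues outside the hunk, so what happens to the value later is not visible here.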
@@ -512,18 +512,6 @@ a private IPC namespace.
 - **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
 - **ns:**_path_: path to an IPC namespace to join.
-#### **--kernel-memory**=_number_[_unit_]
-
-Kernel memory limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes).
-
-Constrains the kernel memory available to a container. If a limit of 0
-is specified (not using *--kernel-memory*), the container's kernel memory
-is not limited. If you specify a limit, it may be rounded up to a multiple
-of the operating system's page size and the value can be very large,
-millions of trillions.
-
-This flag is not supported on cgroups V2 systems.
-
 #### **--label**, **-l**=*key*=*value*
 Add metadata to a container.
--
cgit v1.2.3-54-g00ecf