From 45e712a2c651f9baf41e89c94433bcfbfea7173b Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 11 May 2020 14:10:05 +0200 Subject: rootless: do not set pids limits with cgroupfs and enable events tests. Signed-off-by: Giuseppe Scrivano --- cmd/podman/common/specgen.go | 28 +++++++++++++++------------- cmd/podman/containers/create.go | 3 +++ 2 files changed, 18 insertions(+), 13 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 664e66df8..1fabff378 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -8,12 +8,14 @@ import ( "strings" "time" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/libpod/cmd/podman/parse" "github.com/containers/libpod/libpod/define" ann "github.com/containers/libpod/pkg/annotations" envLib "github.com/containers/libpod/pkg/env" ns "github.com/containers/libpod/pkg/namespaces" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" systemdGen "github.com/containers/libpod/pkg/systemd/generate" "github.com/containers/libpod/pkg/util" @@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) ( return io, nil } -func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) { +func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids { pids := &specs.LinuxPids{} - hasLimits := false - if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 { - return nil, nil + if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 { + return nil + } + if c.PIDsLimit < 0 { + if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager { + return nil + } + pids.Limit = containerConfig.PidsLimit() + return pids } if c.PIDsLimit > 0 { pids.Limit = c.PIDsLimit - hasLimits = true + return pids } - if !hasLimits { - return nil, nil - } - return pids, nil + return nil } func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) { @@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string if err != nil { return err } - s.ResourceLimits.Pids, err = getPidsLimits(s, c, args) - if err != nil { - return err - } + s.ResourceLimits.Pids = getPidsLimits(s, c, args) s.ResourceLimits.CPU, err = getCPULimits(s, c, args) if err != nil { return err diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 2ecdda2e0..5058cdfe5 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error { if c.Flag("pid").Changed { cliVals.PID = c.Flag("pid").Value.String() } + if !c.Flag("pids-limit").Changed { + cliVals.PIDsLimit = -1 + } if c.Flag("cgroupns").Changed { cliVals.CGroupsNS = c.Flag("cgroupns").Value.String() } -- cgit v1.2.3-54-g00ecf