From 45e712a2c651f9baf41e89c94433bcfbfea7173b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 11 May 2020 14:10:05 +0200
Subject: rootless: do not set pids limits with cgroupfs

and enable events tests.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 cmd/podman/common/specgen.go    | 28 +++++++++++++++-------------
 cmd/podman/containers/create.go |  3 +++
 2 files changed, 18 insertions(+), 13 deletions(-)

(limited to 'cmd/podman')

diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 664e66df8..1fabff378 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -8,12 +8,14 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/libpod/cmd/podman/parse"
 	"github.com/containers/libpod/libpod/define"
 	ann "github.com/containers/libpod/pkg/annotations"
 	envLib "github.com/containers/libpod/pkg/env"
 	ns "github.com/containers/libpod/pkg/namespaces"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/specgen"
 	systemdGen "github.com/containers/libpod/pkg/systemd/generate"
 	"github.com/containers/libpod/pkg/util"
@@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (
 	return io, nil
 }
 
-func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) {
+func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids {
 	pids := &specs.LinuxPids{}
-	hasLimits := false
-	if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 {
-		return nil, nil
+	if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
+		return nil
+	}
+	if c.PIDsLimit < 0 {
+		if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
+			return nil
+		}
+		pids.Limit = containerConfig.PidsLimit()
+		return pids
 	}
 	if c.PIDsLimit > 0 {
 		pids.Limit = c.PIDsLimit
-		hasLimits = true
+		return pids
 	}
-	if !hasLimits {
-		return nil, nil
-	}
-	return pids, nil
+	return nil
 }
 
 func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) {
@@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	if err != nil {
 		return err
 	}
-	s.ResourceLimits.Pids, err = getPidsLimits(s, c, args)
-	if err != nil {
-		return err
-	}
+	s.ResourceLimits.Pids = getPidsLimits(s, c, args)
 	s.ResourceLimits.CPU, err = getCPULimits(s, c, args)
 	if err != nil {
 		return err
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 2ecdda2e0..5058cdfe5 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error {
 	if c.Flag("pid").Changed {
 		cliVals.PID = c.Flag("pid").Value.String()
 	}
+	if !c.Flag("pids-limit").Changed {
+		cliVals.PIDsLimit = -1
+	}
 	if c.Flag("cgroupns").Changed {
 		cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
 	}
-- 
cgit v1.2.3-54-g00ecf