From c4023a9302c81f04865646d765caf58ccf556cae Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Mon, 6 Jul 2020 14:14:48 -0400
Subject: Pids-limit should only be set if the user set it

Currently we are sending over pids-limits from the user even if they
never modified the defaults.  The pids limit should be set at the server
side unless modified by the user.

This issue has led to failures on systems that were running with cgroups V1.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 pkg/specgen/generate/container.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'pkg')

diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index dee79cf67..f0d52d0c3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -10,6 +10,7 @@ import (
 	envLib "github.com/containers/libpod/v2/pkg/env"
 	"github.com/containers/libpod/v2/pkg/signal"
 	"github.com/containers/libpod/v2/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
@@ -169,6 +170,21 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 		}
 	}
 
+	// If caller did not specify Pids Limits load default
+	if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
+		if s.CgroupsMode != "disabled" {
+			limit := rtc.PidsLimit()
+			if limit != 0 {
+				if s.ResourceLimits == nil {
+					s.ResourceLimits = &spec.LinuxResources{}
+				}
+				s.ResourceLimits.Pids = &spec.LinuxPids{
+					Limit: limit,
+				}
+			}
+		}
+	}
+
 	return verifyContainerResources(s)
 }
 
-- 
cgit v1.2.3-54-g00ecf