From 3cbb718049563c857062ea40e8965d45abc41ed4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Rod=C3=A1k?= <hony.com@seznam.cz>
Date: Wed, 16 Apr 2025 16:01:31 +0200
Subject: [PATCH] Fix compat API in rootless mode ignores ulimits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: https://github.com/containers/podman/issues/25881

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
---
 pkg/api/handlers/compat/containers_create.go | 14 +++++++-------
 test/apiv2/20-containers.at                  | 15 +++++++++++++++
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 02253b9b2a..77e469ddfb 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -486,15 +486,15 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 		HealthMaxLogCount:    define.DefaultHealthMaxLogCount,
 		HealthMaxLogSize:     define.DefaultHealthMaxLogSize,
 	}
-	if !rootless.IsRootless() {
-		var ulimits []string
-		if len(cc.HostConfig.Ulimits) > 0 {
-			for _, ul := range cc.HostConfig.Ulimits {
-				ulimits = append(ulimits, ul.String())
-			}
-			cliOpts.Ulimit = ulimits
+
+	var ulimits []string
+	if len(cc.HostConfig.Ulimits) > 0 {
+		for _, ul := range cc.HostConfig.Ulimits {
+			ulimits = append(ulimits, ul.String())
 		}
+		cliOpts.Ulimit = ulimits
 	}
+
 	if cc.HostConfig.Resources.NanoCPUs > 0 {
 		if cliOpts.CPUPeriod != 0 || cliOpts.CPUQuota != 0 {
 			return nil, nil, fmt.Errorf("NanoCpus conflicts with CpuPeriod and CpuQuota")
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 56c617939c..7b8c5a6bf0 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -419,6 +419,21 @@ t GET containers/$cid/json 200 \
 
 t DELETE containers/$cid?v=true 204
 
+
+# test compact API in rootless mode ignores ulimits https://github.com/containers/podman/issues/25881
+t POST containers/create \
+  Image=$IMAGE           \
+  HostConfig='{"Ulimits":[{"Name":"cpu","Soft":1,"Hard":2}]}' \
+  201                    \
+  .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+t GET containers/$cid/json 200 \
+  .HostConfig.Ulimits[0].Name="RLIMIT_CPU" \
+  .HostConfig.Ulimits[0].Hard=2            \
+  .HostConfig.Ulimits[0].Soft=1            \
+
+t DELETE containers/$cid 204
+
 # test port mapping
 podman run -d --rm --name bar -p 8080:9090 $IMAGE top