opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-22 01:48:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

rootless: do not set pids limits with cgroupfs

Browse Source 
and enable events tests.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2020-05-11 14:10:05 +02:00
parent 7837bf3c07
commit 45e712a2c6
3 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/podman/common/specgen.go
View File

@ -8,12 +8,14 @@ import (
"strings" "strings"
"time" "time"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/manifest" "github.com/containers/image/v5/manifest"
"github.com/containers/libpod/cmd/podman/parse" "github.com/containers/libpod/cmd/podman/parse"
"github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/define"
ann "github.com/containers/libpod/pkg/annotations" ann "github.com/containers/libpod/pkg/annotations"
envLib "github.com/containers/libpod/pkg/env" envLib "github.com/containers/libpod/pkg/env"
ns "github.com/containers/libpod/pkg/namespaces" ns "github.com/containers/libpod/pkg/namespaces"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/specgen" "github.com/containers/libpod/pkg/specgen"
systemdGen "github.com/containers/libpod/pkg/systemd/generate" systemdGen "github.com/containers/libpod/pkg/systemd/generate"
"github.com/containers/libpod/pkg/util" "github.com/containers/libpod/pkg/util"
@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (
return io, nil return io, nil
} }
func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) { func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids {
pids := &specs.LinuxPids{} pids := &specs.LinuxPids{}
hasLimits := false if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 { return nil
return nil, nil }
if c.PIDsLimit < 0 {
if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
return nil
}
pids.Limit = containerConfig.PidsLimit()
return pids
} }
if c.PIDsLimit > 0 { if c.PIDsLimit > 0 {
pids.Limit = c.PIDsLimit pids.Limit = c.PIDsLimit
hasLimits = true return pids
} }
if !hasLimits { return nil
return nil, nil
}
return pids, nil
} }
func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) { func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) {
@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if err != nil { if err != nil {
return err return err
} }
s.ResourceLimits.Pids, err = getPidsLimits(s, c, args) s.ResourceLimits.Pids = getPidsLimits(s, c, args)
if err != nil {
return err
}
s.ResourceLimits.CPU, err = getCPULimits(s, c, args) s.ResourceLimits.CPU, err = getCPULimits(s, c, args)
if err != nil { if err != nil {
return err return err

3
cmd/podman/containers/create.go
View File

@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error {
if c.Flag("pid").Changed { if c.Flag("pid").Changed {
cliVals.PID = c.Flag("pid").Value.String() cliVals.PID = c.Flag("pid").Value.String()
} }
if !c.Flag("pids-limit").Changed {
cliVals.PIDsLimit = -1
}
if c.Flag("cgroupns").Changed { if c.Flag("cgroupns").Changed {
cliVals.CGroupsNS = c.Flag("cgroupns").Value.String() cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
} }

1
test/e2e/events_test.go
View File

@ -19,7 +19,6 @@ var _ = Describe("Podman events", func() {
) )
BeforeEach(func() { BeforeEach(func() {
SkipIfRootlessV2()
tempdir, err = CreateTempDirInTempDir() tempdir, err = CreateTempDirInTempDir()
if err != nil { if err != nil {
os.Exit(1) os.Exit(1)