Merge pull request #6174 from giuseppe/fix-events-rootless

rootless: do not set pids limits with cgroupfs

cmd/podman/common/specgen.go

@@ -8,12 +8,14 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/libpod/cmd/podman/parse"
 	"github.com/containers/libpod/libpod/define"
 	ann "github.com/containers/libpod/pkg/annotations"
 	envLib "github.com/containers/libpod/pkg/env"
 	ns "github.com/containers/libpod/pkg/namespaces"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/specgen"
 	systemdGen "github.com/containers/libpod/pkg/systemd/generate"
 	"github.com/containers/libpod/pkg/util"
@@ -126,20 +128,23 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (
 	return io, nil
 }
 
-func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) {
+func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) *specs.LinuxPids {
 	pids := &specs.LinuxPids{}
-	hasLimits := false
+	if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
-	if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 {
+		return nil
-		return nil, nil
+	}
+	if c.PIDsLimit < 0 {
+		if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
+			return nil
+		}
+		pids.Limit = containerConfig.PidsLimit()
+		return pids
 	}
 	if c.PIDsLimit > 0 {
 		pids.Limit = c.PIDsLimit
-		hasLimits = true
+		return pids
 	}
-	if !hasLimits {
+	return nil
-		return nil, nil
-	}
-	return pids, nil
 }
 
 func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxMemory, error) {
@@ -464,10 +469,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	if err != nil {
 		return err
 	}
-	s.ResourceLimits.Pids, err = getPidsLimits(s, c, args)
+	s.ResourceLimits.Pids = getPidsLimits(s, c, args)
-	if err != nil {
-		return err
-	}
 	s.ResourceLimits.CPU, err = getCPULimits(s, c, args)
 	if err != nil {
 		return err

cmd/podman/containers/create.go

@@ -168,6 +168,9 @@ func createInit(c *cobra.Command) error {
 	if c.Flag("pid").Changed {
 		cliVals.PID = c.Flag("pid").Value.String()
 	}
+	if !c.Flag("pids-limit").Changed {
+		cliVals.PIDsLimit = -1
+	}
 	if c.Flag("cgroupns").Changed {
 		cliVals.CGroupsNS = c.Flag("cgroupns").Value.String()
 	}

test/e2e/events_test.go

@@ -19,7 +19,6 @@ var _ = Describe("Podman events", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootlessV2()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)

test/e2e/run_networking_test.go

@@ -19,7 +19,6 @@ var _ = Describe("Podman run networking", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootlessV2()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -193,6 +192,8 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run network expose duplicate host port results in error", func() {
+		SkipIfRootless()
+
 		session := podmanTest.Podman([]string{"run", "-dt", "-p", "80", ALPINE, "/bin/sh"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
@@ -202,7 +203,7 @@ var _ = Describe("Podman run networking", func() {
 		Expect(inspect.ExitCode()).To(Equal(0))
 
 		containerConfig := inspect.InspectContainerToJSON()
-		Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal("80"))
+		Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal(80))
 	})
 
 	It("podman run hostname test", func() {