Allow a value of -1 to set unlimited pids limit
Users can set --pids-limit to -1 now to set unlimited pids limit for a container - this matches the convention. [NO TESTS NEEDED] Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This commit is contained in:
Urvashi Mohnani
parent
d987f26f1e
commit
c25cc7230f
|
|
@ -421,7 +421,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
|
||||||
pidsLimitFlagName := "pids-limit"
|
pidsLimitFlagName := "pids-limit"
|
||||||
createFlags.Int64(
|
createFlags.Int64(
|
||||||
pidsLimitFlagName, pidsLimit(),
|
pidsLimitFlagName, pidsLimit(),
|
||||||
"Tune container pids limit (set 0 for unlimited, -1 for server defaults)",
|
"Tune container pids limit (set -1 for unlimited)",
|
||||||
)
|
)
|
||||||
_ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone)
|
_ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -224,6 +224,10 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
|
||||||
|
|
||||||
if c.Flags().Changed("pids-limit") {
|
if c.Flags().Changed("pids-limit") {
|
||||||
val := c.Flag("pids-limit").Value.String()
|
val := c.Flag("pids-limit").Value.String()
|
||||||
|
// Convert -1 to 0, so that -1 maps to unlimited pids limit
|
||||||
|
if val == "-1" {
|
||||||
|
val = "0"
|
||||||
|
}
|
||||||
pidsLimit, err := strconv.ParseInt(val, 10, 32)
|
pidsLimit, err := strconv.ParseInt(val, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return vals, err
|
return vals, err
|
||||||
|
|
|
||||||
|
|
@ -728,7 +728,7 @@ Default is to create a private PID namespace for the container
|
||||||
|
|
||||||
#### **--pids-limit**=*limit*
|
#### **--pids-limit**=*limit*
|
||||||
|
|
||||||
Tune the container's pids limit. Set `0` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
|
Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
|
||||||
|
|
||||||
#### **--platform**=*OS/ARCH*
|
#### **--platform**=*OS/ARCH*
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -751,7 +751,7 @@ The default is to create a private PID namespace for the container.
|
||||||
|
|
||||||
#### **--pids-limit**=*limit*
|
#### **--pids-limit**=*limit*
|
||||||
|
|
||||||
Tune the container's pids limit. Set to **0** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
|
Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
|
||||||
|
|
||||||
#### **--platform**=*OS/ARCH*
|
#### **--platform**=*OS/ARCH*
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -72,10 +72,9 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error
|
||||||
|
|
||||||
// Pids checks
|
// Pids checks
|
||||||
if s.ResourceLimits.Pids != nil {
|
if s.ResourceLimits.Pids != nil {
|
||||||
pids := s.ResourceLimits.Pids
|
|
||||||
// TODO: Should this be 0, or checking that ResourceLimits.Pids
|
// TODO: Should this be 0, or checking that ResourceLimits.Pids
|
||||||
// is set at all?
|
// is set at all?
|
||||||
if pids.Limit > 0 && !sysInfo.PidsLimit {
|
if s.ResourceLimits.Pids.Limit >= 0 && !sysInfo.PidsLimit {
|
||||||
warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
|
warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
|
||||||
s.ResourceLimits.Pids = nil
|
s.ResourceLimits.Pids = nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue