podman run: fix --pids-limit -1 wrt runc

Since commit c25cc7230 ("Allow a value of -1 to set unlimited pids limit") podman converts the pids-limit value of -1 to 0 for OCI spec. Unfortunately, different runtimes (crun and runc) treat pids.limit=0 differently, and the runtime-spec definition is somewhat vague (see [1]). Long term fix belongs to runtime-spec and then runtimes should follow it. Short term fix is do not convert -1 to 0 (as all runtimes treat -1 as unlimited). [NO NEW TESTS NEEDED] -- this is covered by test added in commit 553e53d44. Fixes: https://issues.redhat.com/browse/RHEL-80973 [1]: https://github.com/opencontainers/runc/issues/4014#issuecomment-1888185352 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-26 15:49:09 -08:00 · 2025-02-26 15:49:09 -08:00 · 328c7260fc
parent e264f58d0a
commit 328c7260fc
1 changed files with 0 additions and 4 deletions
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@ -212,10 +212,6 @@ func replaceContainer(name string) error {
 func createOrUpdateFlags(cmd *cobra.Command, vals *entities.ContainerCreateOptions) error {
 	if cmd.Flags().Changed("pids-limit") {
 		val := cmd.Flag("pids-limit").Value.String()
-		// Convert -1 to 0, so that -1 maps to unlimited pids limit
-		if val == "-1" {
-			val = "0"
-		}
 		pidsLimit, err := strconv.ParseInt(val, 10, 32)
 		if err != nil {
 			return err