quadlet container support multiple Ulimit options

Add support for using multiple `Ulimit=` options in `.container` files. Before, only the last `Ulimit=` option was used in the podman command. Update podman-systemd.unit.5 docs to reflect this change. Add `test/e2e/quadlet/ulimit.container` to e2e tests. Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
2023-12-17 04:31:59 -06:00 · 2023-12-17 04:31:59 -06:00 · 6a96c8b5fc
parent 07834ab39e
commit 6a96c8b5fc
4 changed files with 9 additions and 4 deletions
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@ -659,6 +659,8 @@ This key can be listed multiple times.

 Ulimit options. Sets the ulimits values inside of the container.

+This key can be listed multiple times.
+
 ### `Unmask=`

 Specify the paths to unmask separated by a colon. unmask=ALL or /path/1:/path/2, or shell expanded paths (/proc/*):
--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@ -574,8 +574,8 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 		podman.add("--security-opt", fmt.Sprintf("label=level:%s", securityLabelLevel))
 	}

-	ulimit, ok := container.Lookup(ContainerGroup, KeyUlimit)
-	if ok && len(ulimit) > 0 {
+	ulimits := container.LookupAll(ContainerGroup, KeyUlimit)
+	for _, ulimit := range ulimits {
 		podman.add("--ulimit", ulimit)
 	}

--- a/test/e2e/quadlet/ulimit.container
+++ b/test/e2e/quadlet/ulimit.container
@ -1,6 +1,8 @@
 ## assert-podman-final-args localhost/imagename
-## assert-podman-args "--ulimit nproc:1234:5678"
+## assert-podman-args --ulimit nproc=1234:5678
+## assert-podman-args --ulimit cpu=1234:5678

 [Container]
 Image=localhost/imagename
-Ulimit=nproc:1234:5678
+Ulimit=nproc=1234:5678
+Ulimit=cpu=1234:5678
--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@ -815,6 +815,7 @@ BOGUS=foo
 		Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),
 		Entry("sysctl.container", "sysctl.container", 0, ""),
 		Entry("timezone.container", "timezone.container", 0, ""),
+		Entry("ulimit.container", "ulimit.container", 0, ""),
 		Entry("unmask.container", "unmask.container", 0, ""),
 		Entry("user.container", "user.container", 0, ""),
 		Entry("userns.container", "userns.container", 0, ""),