Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix invalid handling of pids.limit=0 from runtime spec #4023

Closed
wants to merge 3 commits into from
Closed

Fix invalid handling of pids.limit=0 from runtime spec #4023

wants to merge 3 commits into from
+27 −7

Commits on Oct 20, 2023

  1. tests/int: fix "runc run (cgroup v2 resources.unified override)" 

    This test case checks that unified resources override those set by
conventional means, but it does not set conventional pids limit.

Fix this.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    5cfd6e8 View commit details
    Browse the repository at this point in the history

  2. tests/int/update: use systemd_version() 

    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    36e3e42 View commit details
    Browse the repository at this point in the history

  3. runc run: treat pids.limit=0 as unlimited 

    It has been pointed out that runc incorrectly ignores pids.limit=0 set
in the runtime spec. This happens because runtime-spec says "default is
unlimited" and also allows for Pids to not be set at all, thus
distinguishing unset (Resources.Pids == nil) from unlimited
(Resources.Pids.Limit <= 0).

Internally, runc also distinguishes unset from unlimited, but since we
do not use a pointer, we treat 0 as unset and -1 as unlimited.

Add a conversion code to libcontainer/specconv.

Add a test case to check that starting a container with pids.limit=0
results in no pids limit (the test fails before the fix when systemd
cgroup manager is used, as systemd apparently uses parent's TasksMax).

NOTE that runc update still treats 0 as "unset".

Finally, fix/update the documentation here and there.

Should fix issue 4014.

Reported-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    4c61f68 View commit details
    Browse the repository at this point in the history