Given that docker compose v3 does not support adding pids limit on containers, it would be convenient setting this limit on daemon config level. Should work like the default for no-new-privileges.
The compose v3 schema was implemented with a feature-set for Swarm Services (as used by docker stack deploy), which initially did not support this option, but it was added to the v3.9 compose schema in docker/cli#2503. This is where things get a bit hairy for the v3 version, because docker stack supported it, but docker compose did not (yet), as it was still on schema 3.8, so it was not yet added to the documentation.
However, looking at the spec, I see it was based on the older v3.8 schema (or a not-yet-released version of the v3.9 schema), and because of that doesn't include the limits.pids option;
- you can use the pids_limit option on a current version of compose
- you can use the limits.pids option for docker stack deploy (when using the v3.9 compose file version), but not (yet) when using Docker Compose (I'll open a ticket and/or PR in the compose spec to fix this omission)
Tested pids_limit with latest docker compose and managed to use it. Thank you, this can be closed. Although it would still be nice if it could be controlled globally.
docker/compose#4792
docker/docker-bench-security#319
#18697
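Since the thread ends without a daemon-wide default, a per-service check is one way to find services left without a PID limit. The following is an added example, not code from the issue or from Docker: it assumes the compose file has been rendered to JSON (for instance with docker compose config --format json), the sample model is constructed, and audit_pids_limits is a hypothetical helper name.

```python
import json

# Constructed sample, not taken from the issue: a compose model as JSON.
SAMPLE = json.loads("""
{
  "services": {
    "web":    {"image": "nginx", "pids_limit": 100},
    "worker": {"image": "busybox",
               "deploy": {"resources": {"limits": {"pids": 50}}}},
    "cache":  {"image": "redis"},
    "batch":  {"image": "busybox", "pids_limit": -1}
  }
}
""")


def _bounded(value):
    """True only for a positive integer; the engine treats 0 and -1 as unlimited."""
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def audit_pids_limits(model):
    """Map each service to where its PID limit comes from.

    "pids_limit"  - service-level option (per the thread, works in docker compose)
    "limits.pids" - deploy.resources.limits.pids only (docker stack deploy, v3.9)
    "both"        - set in both places
    "unlimited"   - no positive limit in either place
    """
    report = {}
    for name, svc in (model.get("services") or {}).items():
        svc = svc or {}
        limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
        service_level = _bounded(svc.get("pids_limit"))
        deploy_level = _bounded(limits.get("pids"))
        if service_level and deploy_level:
            report[name] = "both"
        elif service_level:
            report[name] = "pids_limit"
        elif deploy_level:
            report[name] = "limits.pids"
        else:
            report[name] = "unlimited"
    return report


if __name__ == "__main__":
    for service, status in sorted(audit_pids_limits(SAMPLE).items()):
        print(f"{service:8} {status}")
```

A service reported as limits.pids is only bounded when deployed with docker stack deploy, which is the gap the thread describes for Docker Compose.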