Merge pull request #11794 from umohnani8/pid

Allow a value of -1 to set unlimited pids limit
containers · Sep 30, 2021 · 5c2204b · 5c2204b
2 parents 1f3e2ed + c25cc72
commit 5c2204b
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 5 deletions.
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
@@ -421,7 +421,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		pidsLimitFlagName := "pids-limit"
 		createFlags.Int64(
 			pidsLimitFlagName, pidsLimit(),
-			"Tune container pids limit (set 0 for unlimited, -1 for server defaults)",
+			"Tune container pids limit (set -1 for unlimited)",
 		)
 		_ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone)
 

diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
@@ -235,6 +235,10 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 
 		if c.Flags().Changed("pids-limit") {
 			val := c.Flag("pids-limit").Value.String()
+			// Convert -1 to 0, so that -1 maps to unlimited pids limit
+			if val == "-1" {
+				val = "0"
+			}
 			pidsLimit, err := strconv.ParseInt(val, 10, 32)
 			if err != nil {
 				return vals, err

diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
@@ -732,7 +732,7 @@ Default is to create a private PID namespace for the container
 
 #### **--pids-limit**=*limit*
 
-Tune the container's pids limit. Set `0` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
+Tune the container's pids limit. Set `-1` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups).
 
 #### **--platform**=*OS/ARCH*
 

diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
@@ -756,7 +756,7 @@ The default is to create a private PID namespace for the container.
 
 #### **--pids-limit**=*limit*
 
-Tune the container's pids limit. Set to **0** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
+Tune the container's pids limit. Set to **-1** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller.
 
 #### **--platform**=*OS/ARCH*
 

diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go
@@ -72,10 +72,9 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error
 
 	// Pids checks
 	if s.ResourceLimits.Pids != nil {
-		pids := s.ResourceLimits.Pids
 		// TODO: Should this be 0, or checking that ResourceLimits.Pids
 		// is set at all?
-		if pids.Limit > 0 && !sysInfo.PidsLimit {
+		if s.ResourceLimits.Pids.Limit >= 0 && !sysInfo.PidsLimit {
 			warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
 			s.ResourceLimits.Pids = nil
 		}