From 479052afa65236fe916e04cb958c3ff2e2ceb7e5 Mon Sep 17 00:00:00 2001 From: Jake Correnti Date: Fri, 30 Dec 2022 23:05:12 -0500 Subject: [PATCH] Fixed `podman update --pids-limit` Added the functionality for a user to update the PIDs limit for a container. Fixes: #16543 Signed-off-by: Jake Correnti --- cmd/podman/common/create.go | 15 ++++++++------- cmd/podman/common/create_opts.go | 1 + docs/source/markdown/options/pids-limit.md | 2 +- docs/source/markdown/podman-update.1.md.in | 6 ++++-- test/e2e/update_test.go | 16 +++++++++++++++- 5 files changed, 29 insertions(+), 11 deletions(-) diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 853e37b59a..99a9e79234 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -329,13 +329,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, ) _ = cmd.RegisterFlagCompletionFunc(variantFlagName, completion.AutocompleteNone) - pidsLimitFlagName := "pids-limit" - createFlags.Int64( - pidsLimitFlagName, pidsLimit(), - "Tune container pids limit (set -1 for unlimited)", - ) - _ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone) - platformFlagName := "platform" createFlags.StringVar( &cf.Platform, @@ -898,6 +891,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, "Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)", ) _ = cmd.RegisterFlagCompletionFunc(deviceWriteIopsFlagName, completion.AutocompleteDefault) + + pidsLimitFlagName := "pids-limit" + createFlags.Int64Var( + cf.PIDsLimit, + pidsLimitFlagName, pidsLimit(), + "Tune container pids limit (set -1 for unlimited)", + ) + _ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone) } // anyone can use these cpusFlagName := "cpus" diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index d77df29edb..7b53d1000e 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -92,4 +92,5 @@ func DefineCreateDefaults(opts *entities.ContainerCreateOptions) { opts.Ulimit = ulimits() opts.SeccompPolicy = "default" opts.Volume = volumes() + opts.PIDsLimit = &podmanConfig.ContainersConf.Containers.PidsLimit } diff --git a/docs/source/markdown/options/pids-limit.md b/docs/source/markdown/options/pids-limit.md index 39c53e081a..d59f6c82b0 100644 --- a/docs/source/markdown/options/pids-limit.md +++ b/docs/source/markdown/options/pids-limit.md @@ -1,5 +1,5 @@ ####> This option file is used in: -####> podman create, run +####> podman create, run, update ####> If file is edited, make sure the changes ####> are applicable to all of those. #### **--pids-limit**=*limit* diff --git a/docs/source/markdown/podman-update.1.md.in b/docs/source/markdown/podman-update.1.md.in index 49f356d25e..bcdd6ebc1c 100644 --- a/docs/source/markdown/podman-update.1.md.in +++ b/docs/source/markdown/podman-update.1.md.in @@ -53,6 +53,8 @@ This command takes one argument, a container name or ID, alongside the resource @@option memory-swappiness +@@option pids-limit + ## EXAMPLEs @@ -63,12 +65,12 @@ podman update --cpus=5 myCtr update a container with all available options for cgroups v2 ``` -podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 ctrID +podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 --pids-limit 123 ctrID ``` update a container with all available options for cgroups v1 ``` -podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 ctrID +podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 --pids-limit 123 ctrID ``` ## SEE ALSO diff --git a/test/e2e/update_test.go b/test/e2e/update_test.go index c7af402ce6..7c25d90b2b 100644 --- a/test/e2e/update_test.go +++ b/test/e2e/update_test.go @@ -47,7 +47,8 @@ var _ = Describe("Podman update", func() { "--memory", "1G", "--memory-swap", "2G", "--memory-reservation", "2G", - "--memory-swappiness", "50", ctrID} + "--memory-swappiness", "50", + "--pids-limit", "123", ctrID} session = podmanTest.Podman(commonArgs) session.WaitWithDefaultTimeout() @@ -89,6 +90,12 @@ var _ = Describe("Podman update", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).Should(ContainSubstring("123")) + // checking pids-limit + session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/pids/pids.max"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).Should(ContainSubstring("123")) + }) It("podman update container all options v2", func() { @@ -114,6 +121,7 @@ var _ = Describe("Podman update", func() { "--device-write-bps", "/dev/zero:10mb", "--device-read-iops", "/dev/zero:1000", "--device-write-iops", "/dev/zero:1000", + "--pids-limit", "123", ctrID} session = podmanTest.Podman(commonArgs) @@ -169,6 +177,12 @@ var _ = Describe("Podman update", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToString()).Should(ContainSubstring("5")) + + // checking pids-limit + session = podmanTest.Podman([]string{"exec", "-it", ctrID, "cat", "/sys/fs/cgroup/pids.max"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).Should(ContainSubstring("123")) }) It("podman update keep original resources if not overridden", func() {