diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go
index 4a34cf76fc5..cbe970672e3 100644
--- a/libcontainer/configs/cgroup_linux.go
+++ b/libcontainer/configs/cgroup_linux.go
@@ -90,7 +90,7 @@ type Resources struct {
 // cgroup SCHED_IDLE
 CPUIdle *int64 `json:"cpu_idle,omitempty"`
- // Process limit; set <= `0' to disable limit.
+ // Maximum number of tasks; 0 for unset, -1 for max/unlimited.
 PidsLimit int64 `json:"pids_limit"`
 // Specifies per cgroup weight, range is from 10 to 1000.
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index c5553832776..7e0f069dce8 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -775,8 +775,14 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi
 c.Resources.CpusetMems = r.CPU.Mems
 c.Resources.CPUIdle = r.CPU.Idle
 }
+ // Convert pids limit from the runtime-spec value (where any value <= 0 means "unlimited")
+ // to internal runc value (where -1 is "unlimited", and 0 is "unset").
 if r.Pids != nil {
- c.Resources.PidsLimit = r.Pids.Limit
+ if r.Pids.Limit > 0 {
+ c.Resources.PidsLimit = r.Pids.Limit
+ } else {
+ c.Resources.PidsLimit = -1
+ }
 }
 if r.BlockIO != nil {
 if r.BlockIO.Weight != nil {
diff --git a/man/runc-update.8.md b/man/runc-update.8.md
index 0e95d85ded1..3b54f9785b3 100644
--- a/man/runc-update.8.md
+++ b/man/runc-update.8.md
@@ -85,7 +85,7 @@ stdin. If this option is used, all other options are ignored.
 (i.e. use unlimited swap).
 **--pids-limit** _num_
-: Set the maximum number of processes allowed in the container.
+: Set the maximum number of tasks. Use **-1** for unlimited.
 **--l3-cache-schema** _value_
 : Set the value for Intel RDT/CAT L3 cache schema.
diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats
index 8c59d205118..6e553de0835 100644
--- a/tests/integration/cgroups.bats
+++ b/tests/integration/cgroups.bats
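Review bot: The rewritten `PidsLimit` comment in the `Resources` struct (libcontainer/configs/cgroup_linux.go) defines only 0 and -1, whereas the wording it replaces covered every value <= 0, so values below -1 are now undocumented. This limit is the container's guard against process exhaustion, and a caller that fills the field directly, without the specconv conversion, should not have to guess; the cgroup managers that read the field are not visible in this diff, so how they treat a value such as -2 needs confirming. If they treat every negative value as unlimited, I would say so: `// Maximum number of tasks; 0 for unset, any negative value (canonically -1) for max/unlimited.` The struct starts and ends outside the hunk.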
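Review bot: In the `CreateCgroupConfig` hunk (libcontainer/specconv/spec_linux.go), a spec that carries a `pids` section with `limit: 0` now actively removes the task limit; the test added in this commit confirms that `pids.max` becomes `max` and `TasksMax` becomes `infinity`. That matches the runtime-spec reading quoted in the new comment, but if 0 was previously handled as "unset", any higher-level runtime that emits `limit: 0` by default would silently lose whatever limit the parent cgroup or a systemd default supplied, which weakens fork-bomb containment with no visible signal. I would extend the comment with `// NOTE: a present pids section never yields 0 ("unset"); only an absent section leaves the existing limit untouched.` and call the behaviour change out in the release notes. The function begins and ends outside the hunk.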
@@ -263,6 +263,20 @@ convert_hugetlb_size() {
 done
 }
+# https://github.com/opencontainers/runc/issues/4014.
+@test "runc run (pids.limit=0 means unlimited)" {
+ [ $EUID -ne 0 ] && requires rootless_cgroup
+
+ set_cgroups_path
+ update_config '.linux.resources.pids.limit |= 0'
+
+ runc run -d --console-socket "$CONSOLE_SOCKET" test_pids
+ [ "$status" -eq 0 ]
+ check_cgroup_value "pids.max" "max"
+ # systemd < v227 shows UINT64_MAX instead of "infinity".
+ check_systemd_value "TasksMax" "infinity" "18446744073709551615"
+}
+
 @test "runc run (cgroup v2 resources.unified only)" {
 requires root cgroups_v2
diff --git a/update.go b/update.go
index fc2d656abbf..7a390a6c94f 100644
--- a/update.go
+++ b/update.go
@@ -122,11 +122,11 @@ other options are ignored.
 },
 cli.StringFlag{
 Name: "memory-swap",
- Usage: "Total memory usage (memory + swap); set '-1' to enable unlimited swap",
+ Usage: "Total memory usage (memory + swap); use '-1' to enable unlimited swap",
 },
 cli.IntFlag{
 Name: "pids-limit",
- Usage: "Maximum number of pids allowed in the container",
+ Usage: "Maximum number of tasks; use '-1' for unlimited",
 },
 cli.StringFlag{
 Name: "l3-cache-schema",
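Review bot: The new bats test pins only `pids.limit |= 0`, although the conversion in spec_linux.go sends every value <= 0 down the same branch and leaves an absent `pids` section as "unset". A regression that handled 0 correctly but mangled a negative limit, or that began writing `pids.max` when no pids section is given, would still pass. I would add a sibling case using `update_config '.linux.resources.pids.limit |= -1'` with the same two assertions. Unless an existing test already covers it, a case with a positive limit that checks `pids.max` reports that number would pin this process-exhaustion guard in both directions.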
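Review bot: The new `pids-limit` usage string documents `-1` but says nothing about `0`, which is the zero value of a `cli.IntFlag` and, per the `PidsLimit` comment changed in this commit, means "unset" internally. An operator who knows the runtime-spec reading (0 means unlimited), or who expects 0 to forbid new tasks, may assume `--pids-limit 0` changed the limit when it presumably did not; the code that consumes the flag is outside this hunk, so confirm that first. If 0 is a no-op here, I would spell it out: `Usage: "Maximum number of tasks; use '-1' for unlimited ('0' leaves the limit unchanged)",`. It is also worth checking whether the stdin/`--resources` path of `runc update`, which takes runtime-spec JSON, applies the same <= 0 conversion as `CreateCgroupConfig`; nothing in this diff shows that it does.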