cgroups/systemd: allow to set -1 as pids.limit

Currently, both systemd cgroup drivers (v1 and v2) only set "TasksMax" unit property if the value > 0, so there is no way to update the limit to -1 / unlimited / infinity / max. Since systemd driver is backed by fs driver, and both fs and fs2 set the limit of -1 properly, it works, but systemd still has the old value: # runc --systemd-cgroup update $CT --pids-limit 42 # systemctl show runc-$CT.scope | grep TasksMax TasksMax=42 # cat /sys/fs/cgroup/system.slice/runc-$CT.scope/pids.max 42 # ./runc --systemd-cgroup update $CT --pids-limit -1 # systemctl show runc-$CT.scope | grep TasksMax= TasksMax=42 # cat /sys/fs/cgroup/system.slice/runc-xx77.scope/pids.max max Fix by changing the condition to allow -1 as a valid value. NOTE other negative values are still being ignored by systemd drivers (as it was done before). I am not sure whether this is correct, or should we return an error. A test case is added. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-04 19:19:46 -07:00 · 2020-05-04 19:19:46 -07:00 · 59897367c4
parent 95413ecdb0
commit 59897367c4
3 changed files with 8 additions and 2 deletions
--- a/libcontainer/cgroups/systemd/v1.go
+++ b/libcontainer/cgroups/systemd/v1.go
@ -125,7 +125,7 @@ func genV1ResourcesProperties(c *configs.Cgroup) ([]systemdDbus.Property, error)
 			newProp("BlockIOWeight", uint64(c.Resources.BlkioWeight)))
 	}

-	if c.Resources.PidsLimit > 0 {
+	if c.Resources.PidsLimit > 0 || c.Resources.PidsLimit == -1 {
 		properties = append(properties,
 			newProp("TasksAccounting", true),
 			newProp("TasksMax", uint64(c.Resources.PidsLimit)))
--- a/libcontainer/cgroups/systemd/v2.go
+++ b/libcontainer/cgroups/systemd/v2.go
@ -92,7 +92,7 @@ func genV2ResourcesProperties(c *configs.Cgroup) ([]systemdDbus.Property, error)
 			newProp("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec))
 	}

-	if c.Resources.PidsLimit > 0 {
+	if c.Resources.PidsLimit > 0 || c.Resources.PidsLimit == -1 {
 		properties = append(properties,
 			newProp("TasksAccounting", true),
 			newProp("TasksMax", uint64(c.Resources.PidsLimit)))
--- a/tests/integration/update.bats
+++ b/tests/integration/update.bats
@ -161,6 +161,12 @@ EOF
    check_cgroup_value "pids.max" 10
    check_systemd_value "TasksMax" 10

+    # unlimited
+    runc update test_update --pids-limit -1
+    [ "$status" -eq 0 ]
+    check_cgroup_value "pids.max" max
+    check_systemd_value "TasksMax" $SD_UNLIMITED
+
    # Revert to the test initial value via json on stdin
    runc update  -r - test_update <<EOF
 {