Skip to content

Commit 1e7e276

Browse files
mlaventuremlaventure
committed
Allow updating container pids limit
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
1 parent b6b70e5 commit 1e7e276

2 files changed

Lines changed: 30 additions & 2 deletions

File tree

tests/integration/update.bats

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,9 @@ function setup() {
3333
"blockio": {
3434
"blkioWeight": 1000
3535
},
36+
"pids": {
37+
"limit": 20
38+
},
3639
EOF
3740
)
3841
DATA=$(echo ${DATA} | sed 's/\n/\\n/g')
@@ -61,7 +64,7 @@ function check_cgroup_value() {
6164
wait_for_container 15 1 test_update
6265

6366
# get the cgroup paths
64-
for g in MEMORY CPUSET CPU BLKIO; do
67+
for g in MEMORY CPUSET CPU BLKIO PIDS; do
6568
base_path=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<'${g}'\>/ { print $5; exit }')
6669
eval CGROUP_${g}="${base_path}/runc-update-integration-test"
6770
done
@@ -78,6 +81,7 @@ function check_cgroup_value() {
7881
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
7982
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
8083
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
84+
check_cgroup_value $CGROUP_PIDS "pids.max" 20
8185

8286
# update blkio-weight
8387
runc update test_update --blkio-weight 500
@@ -160,6 +164,11 @@ function check_cgroup_value() {
160164
[ "$status" -eq 0 ]
161165
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
162166

167+
# update pids limit
168+
runc update test_update --pids-limit 10
169+
[ "$status" -eq 0 ]
170+
check_cgroup_value $CGROUP_PIDS "pids.max" 10
171+
163172
# Revert to the test initial value via json on stding
164173
runc update -r - test_update <<EOF
165174
{
@@ -177,6 +186,9 @@ function check_cgroup_value() {
177186
},
178187
"blockIO": {
179188
"blkioWeight": 1000
189+
},
190+
"pids": {
191+
"limit": 20
180192
}
181193
}
182194
EOF
@@ -190,11 +202,13 @@ EOF
190202
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
191203
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
192204
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
205+
check_cgroup_value $CGROUP_PIDS "pids.max" 20
193206

194207
# redo all the changes at once
195208
runc update test_update --blkio-weight 500 \
196209
--cpu-period 900000 --cpu-quota 600000 --cpu-share 200 --memory 67108864 \
197-
--memory-reservation 33554432 --kernel-memory 50331648 --kernel-memory-tcp 41943040
210+
--memory-reservation 33554432 --kernel-memory 50331648 --kernel-memory-tcp 41943040 \
211+
--pids-limit 10
198212
[ "$status" -eq 0 ]
199213
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 500
200214
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 900000
@@ -204,6 +218,7 @@ EOF
204218
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
205219
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 67108864
206220
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 33554432
221+
check_cgroup_value $CGROUP_PIDS "pids.max" 10
207222

208223
# reset to initial test value via json file
209224
DATA=$(cat <<"EOF"
@@ -222,6 +237,9 @@ EOF
222237
},
223238
"blockIO": {
224239
"blkioWeight": 1000
240+
},
241+
"pids": {
242+
"limit": 20
225243
}
226244
}
227245
EOF
@@ -239,6 +257,7 @@ EOF
239257
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
240258
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
241259
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
260+
check_cgroup_value $CGROUP_PIDS "pids.max" 20
242261
}
243262

244263
@test "update rt period and runtime" {

update.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,10 @@ other options are ignored.
108108
Name: "memory-swap",
109109
Usage: "Total memory usage (memory + swap); set '-1' to enable unlimited swap",
110110
},
111+
cli.IntFlag{
112+
Name: "pids-limit",
113+
Usage: "Maximum number of pids allowed in the container",
114+
},
111115
},
112116
Action: func(context *cli.Context) error {
113117
if err := checkArgs(context, 1, exactArgs); err != nil {
@@ -138,6 +142,9 @@ other options are ignored.
138142
BlockIO: &specs.LinuxBlockIO{
139143
Weight: u16Ptr(0),
140144
},
145+
Pids: &specs.LinuxPids{
146+
Limit: 0,
147+
},
141148
}
142149

143150
config := container.Config()
@@ -228,6 +235,7 @@ other options are ignored.
228235
*pair.dest = uint64(v)
229236
}
230237
}
238+
r.Pids.Limit = int64(context.Int("pids-limit"))
231239
}
232240

233241
// Update the value
@@ -244,6 +252,7 @@ other options are ignored.
244252
config.Cgroups.Resources.Memory = *r.Memory.Limit
245253
config.Cgroups.Resources.MemoryReservation = *r.Memory.Reservation
246254
config.Cgroups.Resources.MemorySwap = *r.Memory.Swap
255+
config.Cgroups.Resources.PidsLimit = r.Pids.Limit
247256

248257
return container.Set(config)
249258
},

0 commit comments

Comments
 (0)