Add support for container pids limit

We add a daemon level setting and will add a container
override once it is supported in CRI.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
Mrunal Patel 2017-07-07 14:43:35 -07:00
parent e949508b17
commit e49dd34657
4 changed files with 29 additions and 0 deletions


@ -19,6 +19,7 @@ import (
"github.com/kubernetes-incubator/cri-o/server/apparmor"
"github.com/kubernetes-incubator/cri-o/server/seccomp"
"github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/devices"
"github.com/opencontainers/runc/libcontainer/user"
rspec "github.com/opencontainers/runtime-spec/specs-go"
@ -673,6 +674,12 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
}
}
// Set up pids limit if pids cgroup is mounted
_, err = cgroups.FindCgroupMountpoint("pids")
if err == nil {
specgen.SetLinuxResourcesPidsLimit(s.config.PidsLimit)
}
// by default, the root path is an empty string. set it now.
specgen.SetRootPath(mountPoint)
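Review bot: When `cgroups.FindCgroupMountpoint("pids")` returns an error, the new block in createSandboxContainer skips `SetLinuxResourcesPidsLimit` without logging anything, so a host without the pids controller starts containers with no process cap while the daemon setting suggests one is enforced. Because this limit is what bounds process-exhaustion from inside a container, I would add an `else` branch that emits a warning naming the configured `s.config.PidsLimit`, using whatever logger this file already uses. The call also assigns to the function's outer `err` and leaves it non-nil on the skip path; scoping it as `if _, err := cgroups.FindCgroupMountpoint("pids"); err == nil {` keeps a later check from picking it up. The function starts and ends outside this hunk, so that stale value may already be harmless.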