Skip to content

config: switch PidsLimit to *int64 #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

config: switch PidsLimit to *int64 #48

wants to merge 2 commits into from
+150 −27

Conversation

@cyphar
Copy link
Member

@cyphar cyphar commented Oct 22, 2025

Previously we would treat a value of "0" as meaning "no-op", which lead
to quite a bit of confusion. The runtime-spec has been updated to make
the "pids.limit" value a pointer, and explicitly state that:

  • Values >= 0 should be treated as normal values; and
  • -1 indicates "max".

In practice this means we should switch PidsLimit to an *int64. Luckily,
this is actually backwards-compatible with our previous JSON -- an old
value of "0" would be omitted from the output, which will now be parsed
as "nil". The handling by our cgroup code would be identical but the
latter now correctly reflects the guidance by the runtime-spec.

Ref: opencontainers/runc#4014
Ref: opencontainers/runtime-spec#1279
Signed-off-by: Aleksa Sarai [email protected]

@cyphar cyphar mentioned this pull request Oct 22, 2025
Draft
@cyphar cyphar marked this pull request as draft October 23, 2025 00:55
kolyshkin
kolyshkin requested changes Oct 24, 2025
View reviewed changes
kolyshkin
kolyshkin previously requested changes Oct 24, 2025
View reviewed changes
@cyphar cyphar force-pushed the pids-limit-0 branch 4 times, most recently from 6aa36c2 to 6a5011f Compare October 24, 2025 04:53
@cyphar cyphar requested a review from kolyshkin October 24, 2025 05:29
@cyphar cyphar dismissed kolyshkin’s stale review October 24, 2025 05:29

We now remap <0 to -1 and correctly handle some other annoying cases (TasksMax=0).

@cyphar
Copy link
Member Author

cyphar commented Oct 24, 2025

@kolyshkin This now passes in runc's CI, but since systemd doesn't support TasksMax=0 we need to remap 0 to 1 -- should we just do the same thing in the fs driver?

@cyphar cyphar marked this pull request as ready for review October 24, 2025 06:17
@cyphar cyphar added this to the 0.0.6 milestone Oct 24, 2025
@kolyshkin
Copy link
Contributor

@kolyshkin This now passes in runc's CI, but since systemd doesn't support TasksMax=0 we need to remap 0 to 1 -- should we just do the same thing in the fs driver?

I guess so, yes. Otherwise setting it to 0 will result in systemd driver writing 1 when fs driver writing 0, and after systemctl daemon-reload (or some such) systemd will write 1 again. Who knows what kernel might do in this case, so it's better not to oscillate between 1 and 0.

@cyphar
Copy link
Member Author

cyphar commented Oct 25, 2025

Okay, let's go with that then. I will add an implementors note to the runtime-spec...

cyphar added 2 commits October 26, 2025 01:42
@cyphar
config: switch PidsLimit to *int64
ae52e0c 
Previously we would treat a value of "0" as meaning "no-op", which lead
to quite a bit of confusion. The runtime-spec has been updated to make
the "pids.limit" value a pointer, and explicitly state that:

 * Values >= 0 should be treated as normal values; and
 * < 0 (usually -1) indicates "max".

In practice this means we should switch PidsLimit to an *int64. Luckily,
this is actually backwards-compatible with our previous JSON -- an old
value of "0" would be omitted from the output, which will now be parsed
as "nil". The handling by our cgroup code would be identical but the
latter now correctly reflects the guidance by the runtime-spec.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
systemd: add TasksMax test
7c34f09 
Co-developed-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
Copy link
Member Author

cyphar commented Oct 25, 2025

Done!

kolyshkin
kolyshkin approved these changes Oct 26, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin approved these changes

@thaJeztah thaJeztah Awaiting requested review from thaJeztah

@AkihiroSuda AkihiroSuda Awaiting requested review from AkihiroSuda

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.0.6

Development

Successfully merging this pull request may close these issues.

2 participants

@cyphar @kolyshkin