Skip to content

spec: linux: add support for the PIDs cgroup #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LK4D4 merged 1 commit into from
Sep 4, 2015
Merged

spec: linux: add support for the PIDs cgroup #64

LK4D4 merged 1 commit into from
Sep 4, 2015

Conversation

@cyphar
Copy link
Member

@cyphar cyphar commented Jul 8, 2015

Add support for the PIDs cgroup as a cgroup resource constraint in the
Linux container specification. Since PIDs are a real resource, we need
to support the ability to limit them.

The PIDs cgroup subsystem is available in Linux 4.3+.

Signed-off-by: Aleksa Sarai [email protected]

I realised while implementing opencontainers/runc#58 that if we want to
have PIDs support in the config.json we need to update the spec too.

@cyphar cyphar mentioned this pull request Jul 8, 2015
Merged
@cyphar
Copy link
Member Author

cyphar commented Jul 8, 2015

Please note that Linux 4.3 still hasn't hit, so I'd recommend abstaining from merging this until we actually hit 4.3-rc1 (which will be in 6 weeks or so), unless we're okay with merging a no-op configuration feature.

@lizf-os
Copy link
Contributor

lizf-os commented Jul 9, 2015

LGTM, but let's wait until upstream kernel merges the pids controller.

@mrunalp
Copy link
Contributor

mrunalp commented Jul 9, 2015

Thanks @cyphar. We will wait for the upstream.

@philips philips added this to the draft-next milestone Jul 9, 2015
@philips
Copy link
Contributor

philips commented Jul 9, 2015

I am marking this for the post-draft release in hopes it will be merged with no problems by then :)

mikedanese
mikedanese reviewed Jul 10, 2015
View reviewed changes
spec_linux.go Outdated
Copy link

@mikedanese mikedanese Jul 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the pid limit is not immutable, it might make sense to set to 0 for some use cases. Should we be restricting the input domain in the spec? What if I want an empty container to hold a network namespace for other containers to use? Are there use cases for containers without processes?

Copy link
Member Author

@cyphar cyphar Jul 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess that's a fair point. It does make it slightly annoying because the default value will have to be -1 (which means we can't do new(spec.Linux) without modifying it each time). I'll fix this later.

Copy link
Member Author

@cyphar cyphar Aug 26, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I'm not sure that you're right. In order for the PID limit to make sense, you have to have a process in the cgroup. Nothing stops you from attaching more processes to a cgroup, so it's illogical to claim that a PID limit of 0 has any real use. Combine that with the annoyance of not being able to do new(spec.Linux) or spec.Linux{}, and it's clear that a limit of 0 is not useful.

@cyphar
Copy link
Member Author

cyphar commented Sep 2, 2015

The PIDs changes have been merged into Linus' tree as of torvalds/linux@8bdc69b. I'll update this patch in a bit.

@vbatts
Copy link
Member

vbatts commented Sep 3, 2015

nicely

@cyphar
spec: linux: add support for the PIDs cgroup
834fb5d 
Add support for the PIDs cgroup as a cgroup resource constraint in the
Linux container specification. Since PIDs are a real resource, we need
to support the ability to limit them.

The PIDs cgroup subsystem is available in Linux 4.3+.

Signed-off-by: Aleksa Sarai <[email protected]>
@philips
Copy link
Contributor

philips commented Sep 4, 2015

merged upstream, lgtm.

@vbatts
Copy link
Member

vbatts commented Sep 4, 2015

Will some of these features set platform version boundaries?
On Sep 3, 2015 9:43 PM, "Brandon Philips" [email protected] wrote:

merged upstream, lgtm.


Reply to this email directly or view it on GitHub
#64 (comment).

@philips
Copy link
Contributor

philips commented Sep 4, 2015

@vbatts I feel it is sort of up to the runtime to decide whether it will/won't run something based on its configuration.

@vbatts
Copy link
Member

vbatts commented Sep 4, 2015

Fair
On Sep 3, 2015 9:45 PM, "Brandon Philips" [email protected] wrote:

@vbatts https://github.com/vbatts I feel it is sort of up to the
runtime to decide whether it will/won't run something based on its
configuration.


Reply to this email directly or view it on GitHub
#64 (comment).

@LK4D4
Copy link
Contributor

LK4D4 commented Sep 4, 2015

So, cool.
LGTM

LK4D4 added a commit that referenced this pull request Sep 4, 2015
@LK4D4
Merge pull request #64 from cyphar/add-pids-cgroup
527a3ee 
spec: linux: add support for the PIDs cgroup
@LK4D4 LK4D4 merged commit 527a3ee into opencontainers:master Sep 4, 2015
@cyphar cyphar deleted the add-pids-cgroup branch September 4, 2015 07:08
@crosbymichael crosbymichael modified the milestones: by-1.0.0, 1.0.0 May 25, 2016
@cyphar cyphar mentioned this pull request Feb 27, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

platforms/linux

Projects

None yet

Milestone

v1.0.0

Development

Successfully merging this pull request may close these issues.

8 participants

@cyphar @lizf-os @mrunalp @philips @vbatts @LK4D4 @mikedanese @crosbymichael