[2672344019] Upstream Reporter: Jan Rodák
Upstream issue status: Closed
Upstream description:

Issue Description

If a container has a resource configuration set and is updated with the podman update command, the current resource configuration is replaced with a new resource configuration that does not reflect the previous configuration. Thus, if you change a single resource configuration field with podman update, the other fieald of resource configuration is set to its default values. See the reproducer example.

Steps to reproduce the issue

Steps to reproduce the issue

1. podman run -dt --pids-limit 1024 --name hc1 quay.io/libpod/alpine:latest top
2. podman inspect hc1 --format {{.HostConfig.PidsLimit}}
   • Printed value: 1024
3. podman update hc1 --memory 100Mb (You can change any other resource of your choice)
4. podman inspect hc1 --format {{.HostConfig.Memory}}
   • Printed value: 104857600
5. podman inspect hc1 --format {{.HostConfig.PidsLimit}}
   • This should print the value 1024 but the value is 0

For this reproduction, you can choose any of the podman update resource flags.

Describe the results you received

After the last podman update the memory is set to 104857600 and PidsLimit is 0.

Describe the results you expected

After the last podman update the memory is set to 104857600 and the PidsLimit is 1024.

podman info output

host:   arch: arm64
  buildahVersion: 1.37.5
  cgroupControllers:   - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:     package: conmon-2.1.12-2.fc40.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:     idlePercent: 96.98
    systemPercent: 0.51
    userPercent: 2.51
  cpus: 6
  databaseBackend: sqlite
  distribution:     distribution: fedora
    variant: workstation
    version: "40"
  eventLogger: journald
  freeLocks: 2047
  hostname: fedora
  idMappings:     gidmap:     - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:     - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.11.7-200.fc40.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 3495309312
  memTotal: 8296726528
  networkBackend: netavark
  networkBackendInfo:     backend: netavark
    dns:       package: aardvark-dns-1.12.2-2.fc40.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1.fc40.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.12.2
  ociRuntime:     name: crun
    package: crun-1.17-1.fc40.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.17
      commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:     executable: /usr/bin/pasta
    package: passt-0^20241030.gee7d0b6-1.fc40.aarch64
    version: |
      pasta 0^20241030.gee7d0b6-1.fc40.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:     exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:     apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:     executable: ""
    package: ""
    version: ""
  swapFree: 8296329216
  swapTotal: 8296329216
  uptime: 0h 19m 42.00s
  variant: v8
plugins:   authorization: null
  log:   - k8s-file
  - none
  - passthrough
  - journald
  network:   - bridge
  - macvlan
  - ipvlan
  volume:   - local
registries:   search:   - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:   configFile: /home/jrodak/.config/containers/storage.conf
  containerStore:     number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/jrodak/.local/share/containers/storage
  graphRootAllocated: 67014492160
  graphRootUsed: 13588926464
  graphStatus:     Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:     number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/jrodak/.local/share/containers/storage/volumes
version:   APIVersion: 5.2.5
  Built: 1729814400
  BuiltTime: Fri Oct 25 02:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.7
  Os: linux
  OsArch: linux/arm64
  Version: 5.2.5

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

It was found here.