Uploaded image for project: 'Container Tools'
  1. Container Tools
  2. RUN-2859

[containers/podman] Podman REST API /libpod/containers/create "r_limits" is type integer <uint64>

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • rhel-container-tools
    • RUN 270

      [2753541970] Upstream Reporter: jgperin
      Upstream issue status: Closed
      Upstream description:

      Issue Description

      https://docs.podman.io/en/latest/_static/api.html#tag/containers/operation/ContainerCreateLibpod

      r_limits

      hard integer Hard is the hard limit for the specified type

      soft integer Soft is the soft limit for the specified type

      There is no direct reference to Ulimits.

      https://github.com/containers/podman/pull/19879

      In PR 19879 Podman added support for passing Ulimits as -1 to mean min / max

      Steps to reproduce the issue

      /podman-py containers_create https://github.com/containers/podman-py/blob/main/podman/domain/containers_create.py

              for item in args.pop("ulimits", []):
                  params["r_limits"].append(
                      {
                          "type": item["Name"],
                          "hard": item["Hard"],
                          "soft": item["Soft"],
                      }
                  )

      Code Example

      client.containers.create(image=img, command=['/bin/bash'], ulimits=[{"Name": "memlock", "Soft": -1, "Hard": -1}])

      Describe the results you received

      podman.errors.exceptions.APIError: 500 Server Error: Internal Server Error (decode(): json: cannot unmarshal number -1 into Go struct field POSIXRlimit.r_limits.hard of type uint64)

      Describe the results you expected

      Expected successful creation of container with memlock min/max set to maximum values.

      podman info output

      [root@omitted]# podman info
      host:   arch: amd64
        buildahVersion: 1.33.11
        cgroupControllers:   - cpuset
        - cpu
        - cpuacct
        - blkio
        - memory
        - devices
        - freezer
        - net_cls
        - perf_event
        - net_prio
        - hugetlb
        - pids
        - rdma
        cgroupManager: systemd
        cgroupVersion: v1
        conmon:     package: conmon-2.1.10-1.module+el8.10.0+90449+0b7c8529.x86_64
          path: /usr/bin/conmon
          version: 'conmon version 2.1.10, commit: 753128cb76d643886a978dba99fab8017289372d'
        cpuUtilization:     idlePercent: 99.97
          systemPercent: 0.01
          userPercent: 0.02
        cpus: 56
        databaseBackend: sqlite
        distribution:     distribution: ol
          variant: server
          version: "8.3"
        eventLogger: file
        freeLocks: 2047
        hostname: omitted
        idMappings:     gidmap: null
          uidmap: null
        kernel: 5.4.17-2011.7.4.el8uek.x86_64
        linkmode: dynamic
        logDriver: k8s-file
        memFree: 142581444608
        memTotal: 200959377408
        networkBackend: cni
        networkBackendInfo:     backend: cni
          dns:       package: podman-plugins-4.9.4-18.0.1.module+el8.10.0+90449+0b7c8529.x86_64
            path: /usr/libexec/cni/dnsname
            version: |-
              CNI dnsname plugin
              version: 1.4.0-dev
              commit: unknown
              CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0
          package: containernetworking-plugins-1.4.0-5.module+el8.10.0+90449+0b7c8529.x86_64
          path: /usr/libexec/cni
        ociRuntime:     name: runc
          package: runc-1.1.12-5.module+el8.10.0+90449+0b7c8529.x86_64
          path: /usr/bin/runc
          version: |-
            runc version 1.1.12
            spec: 1.0.2-dev
            go: go1.22.7 (Red Hat 1.22.7-1.module+el8.10.0+90426+810ab996)
            libseccomp: 2.5.2
        os: linux
        pasta:     executable: ""
          package: ""
          version: ""
        remoteSocket:     exists: true
          path: /run/podman/podman.sock
        security:     apparmorEnabled: false
          capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
          rootless: false
          seccompEnabled: true
          seccompProfilePath: /usr/share/containers/seccomp.json
          selinuxEnabled: false
        serviceIsRemote: false
        slirp4netns:     executable: /bin/slirp4netns
          package: slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64
          version: |-
            slirp4netns version 1.2.0
            commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
            libslirp: 4.4.0
            SLIRP_CONFIG_VERSION_MAX: 3
            libseccomp: 2.5.2
        swapFree: 4294963200
        swapTotal: 4294963200
        uptime: 1341h 26m 16.00s (Approximately 55.88 days)
        variant: ""
      plugins:   authorization: null
        log:   - k8s-file
        - none
        - passthrough
        - journald
        network:   - bridge
        - macvlan
        - ipvlan
        volume:   - local
      registries:   search:   - container-registry.oracle.com
        - docker.io
      store:   configFile: /etc/containers/storage.conf
        containerStore:     number: 1
          paused: 0
          running: 1
          stopped: 0
        graphDriverName: overlay
        graphOptions:     overlay.mountopt: nodev,metacopy=on
        graphRoot: /var/lib/containers/storage
        graphRootAllocated: 75125227520
        graphRootUsed: 63892619264
        graphStatus:     Backing Filesystem: xfs
          Native Overlay Diff: "false"
          Supports d_type: "true"
          Supports shifting: "false"
          Supports volatile: "false"
          Using metacopy: "true"
        imageCopyTmpDir: /var/tmp
        imageStore:     number: 33
        runRoot: /run/containers/storage
        transientStore: false
        volumePath: /var/lib/containers/storage/volumes
      version:   APIVersion: 4.9.4-rhel
        Built: 1732729681
        BuiltTime: Wed Nov 27 17:48:01 2024
        GitCommit: ""
        GoVersion: go1.22.7 (Red Hat 1.22.7-1.module+el8.10.0+90426+810ab996)
        Os: linux
        OsArch: linux/amd64
        Version: 4.9.4-rhel
      

      Podman in a container

      Yes

      Privileged Or Rootless

      Privileged

      Upstream Latest Release

      Yes

      Additional environment details

      Additional environment details

      Additional information

      Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting


      Upstream URL: https://github.com/containers/podman/issues/24886

              jrodak Jan Rodák
              upstream-sync Upstream Sync
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: