[2753541970] Upstream Reporter: jgperin
Upstream issue status: Closed
Upstream description:

Issue Description

https://docs.podman.io/en/latest/_static/api.html#tag/containers/operation/ContainerCreateLibpod

r_limits

hard integer Hard is the hard limit for the specified type

soft integer Soft is the soft limit for the specified type

There is no direct reference to Ulimits.

https://github.com/containers/podman/pull/19879

In PR 19879 Podman added support for passing Ulimits as -1 to mean min / max

Steps to reproduce the issue

/podman-py containers_create https://github.com/containers/podman-py/blob/main/podman/domain/containers_create.py

        for item in args.pop("ulimits", []):
            params["r_limits"].append(
                {
                    "type": item["Name"],
                    "hard": item["Hard"],
                    "soft": item["Soft"],
                }
            )

Code Example

client.containers.create(image=img, command=['/bin/bash'], ulimits=[{"Name": "memlock", "Soft": -1, "Hard": -1}])

Describe the results you received

podman.errors.exceptions.APIError: 500 Server Error: Internal Server Error (decode(): json: cannot unmarshal number -1 into Go struct field POSIXRlimit.r_limits.hard of type uint64)

Describe the results you expected

Expected successful creation of container with memlock min/max set to maximum values.

podman info output

[root@omitted]# podman info
host:   arch: amd64
  buildahVersion: 1.33.11
  cgroupControllers:   - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:     package: conmon-2.1.10-1.module+el8.10.0+90449+0b7c8529.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 753128cb76d643886a978dba99fab8017289372d'
  cpuUtilization:     idlePercent: 99.97
    systemPercent: 0.01
    userPercent: 0.02
  cpus: 56
  databaseBackend: sqlite
  distribution:     distribution: ol
    variant: server
    version: "8.3"
  eventLogger: file
  freeLocks: 2047
  hostname: omitted
  idMappings:     gidmap: null
    uidmap: null
  kernel: 5.4.17-2011.7.4.el8uek.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 142581444608
  memTotal: 200959377408
  networkBackend: cni
  networkBackendInfo:     backend: cni
    dns:       package: podman-plugins-4.9.4-18.0.1.module+el8.10.0+90449+0b7c8529.x86_64
      path: /usr/libexec/cni/dnsname
      version: |-
        CNI dnsname plugin
        version: 1.4.0-dev
        commit: unknown
        CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0
    package: containernetworking-plugins-1.4.0-5.module+el8.10.0+90449+0b7c8529.x86_64
    path: /usr/libexec/cni
  ociRuntime:     name: runc
    package: runc-1.1.12-5.module+el8.10.0+90449+0b7c8529.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.12
      spec: 1.0.2-dev
      go: go1.22.7 (Red Hat 1.22.7-1.module+el8.10.0+90426+810ab996)
      libseccomp: 2.5.2
  os: linux
  pasta:     executable: ""
    package: ""
    version: ""
  remoteSocket:     exists: true
    path: /run/podman/podman.sock
  security:     apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:     executable: /bin/slirp4netns
    package: slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 4294963200
  swapTotal: 4294963200
  uptime: 1341h 26m 16.00s (Approximately 55.88 days)
  variant: ""
plugins:   authorization: null
  log:   - k8s-file
  - none
  - passthrough
  - journald
  network:   - bridge
  - macvlan
  - ipvlan
  volume:   - local
registries:   search:   - container-registry.oracle.com
  - docker.io
store:   configFile: /etc/containers/storage.conf
  containerStore:     number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions:     overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 75125227520
  graphRootUsed: 63892619264
  graphStatus:     Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "false"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:     number: 33
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:   APIVersion: 4.9.4-rhel
  Built: 1732729681
  BuiltTime: Wed Nov 27 17:48:01 2024
  GitCommit: ""
  GoVersion: go1.22.7 (Red Hat 1.22.7-1.module+el8.10.0+90426+810ab996)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-rhel

Podman in a container

Yes

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting