Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update:fix update pids-limit=0 error #3781

Merged
merged 1 commit into from
Jan 5, 2025
Merged

update:fix update pids-limit=0 error #3781

merged 1 commit into from
Jan 5, 2025

Conversation

ningmingxiao
Copy link
Contributor

@ningmingxiao ningmingxiao commented Dec 19, 2024
edited
Loading

when try nerdctl -n k8s.io update --cpuset-cpus 0-2 ffe
this code

nerdctl/cmd/nerdctl/container/container_update.go

Lines 327 to 329 in c41b394

if spec.Linux.Resources.Pids == nil {
spec.Linux.Resources.Pids = &runtimespec.LinuxPids{}
}

will make spec.Linux.Resources.Pids =0 it will not work on rust-shim(will cause rshim set pidlimit=0 goshim works well.).
https://github.com/containerd/rust-extensions
will cause

./nerdctl  -n k8s.io  exec  ffe  date
FATA[0000] Others("Other: OCI runtime exec failed: exec failed: unable to start container process: read init-p: connection reset by peer"): unknown

runc log 
runtime/cgo: pthread_create failed: Resource temporarily unavailable

SIGABRT: abort

PC=0x7f128ec969cf m=0 sigcode=18446744073709551610

@ningmingxiao ningmingxiao force-pushed the fix_update branch 3 times, most recently from ce0b396 to 857501d Compare December 19, 2024 12:21
@ningmingxiao ningmingxiao changed the title update:fix update error update:fix update pids-limit=0 error Dec 19, 2024
@ningmingxiao
Copy link
Contributor Author

fix: #3784

@ningmingxiao
Copy link
Contributor Author

@AkihiroSuda can you review this pr ,thank you?

@AkihiroSuda
Copy link
Member

Can we have a test?

@ningmingxiao ningmingxiao force-pushed the fix_update branch 3 times, most recently from 9fb9ccb to 8327370 Compare December 24, 2024 07:09
AkihiroSuda
AkihiroSuda approved these changes Dec 24, 2024
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@AkihiroSuda AkihiroSuda added this to the v2.0.3 milestone Dec 24, 2024
@ningmingxiao ningmingxiao force-pushed the fix_update branch 8 times, most recently from f22c6fc to b7e52ab Compare December 24, 2024 10:26
@ningmingxiao
Copy link
Contributor Author

Can we have a test?
done,thank you.

AkihiroSuda
AkihiroSuda reviewed Dec 25, 2024
View reviewed changes
cmd/nerdctl/container/container_run_cgroup_linux_test.go
func TestIssue3781(t *testing.T) {
t.Parallel()
testCase := nerdtest.Setup()
testCase.Require = test.Not(nerdtest.Docker)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?

Copy link
Contributor Author

@ningmingxiao ningmingxiao Dec 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because i will use containerd client to get container id and use container.Spec(ctx) to get spec, this may fail with docker.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than depending on client.LoadContainer, can we just exec cat /sys/fs/cgroup/pids.max in the container?

Copy link
Contributor Author

@ningmingxiao ningmingxiao Dec 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

old nerdctl cat /sys/fs/cgroup/pids.max will not report error when use goshim. runc will ignore pids.max=0 see:opencontainers/runc#4566
It only effect rustshim. https://github.com/containerd/rust-extensions. rustshim wirte cgroup by rustshim itself.(go shim call runc to update source)

AkihiroSuda
AkihiroSuda approved these changes Jan 5, 2025
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@AkihiroSuda AkihiroSuda merged commit df40602 into containerd:main Jan 5, 2025
30 checks passed
@AkihiroSuda AkihiroSuda linked an issue Jan 6, 2025 that may be closed by this pull request
nerdctl update cause pids-limit =0 #3784
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.0.3
Development

Successfully merging this pull request may close these issues.

nerdctl update cause pids-limit =0
2 participants
@ningmingxiao @AkihiroSuda