On 3/24/21 15:47, Ed Haynes wrote:
 I did try setting cgroups v2 in the grub bootline for 8.3 but then 
 podman dies with a separate error
 Error:  Default OCI runtime "crun" not found: invalid argument
 
Yup, you need to get crun onto the box, but I am not sure if that exists
in RHEL8.3; it will definitely be there in RHEL8.4.

    yum install crun

 On Wed, Mar 24, 2021 at 3:14 PM Daniel Walsh <dwalsh(a)redhat.com> wrote:
     Rootless pids-limit requires cgroups V2.
     We probably should add info to the man page.
     On 3/24/21 10:36, Ed Haynes wrote:
>     I'd like to limit the number of pids a container can consume on
>     RHEL 8.3 to provide protection against things like bash fork
>     bombs.  Ideally I would want to do this in a rootless container
>     but when I do
>
>     $ podman run -it -u user1 --pids-limit 42 frog
>
>     I get:
>
>     Error: container_linux.go:370: starting container process caused:
>     process_linux.go:459: container init caused:
>     process_linux.go:422: setting cgroup config for procHooks process
>     caused: cannot set pids limit: container could not join or create
>     cgroup: OCI runtime error
>
>     I can however run the same podman command as root without issue.
>
>     Is there a method to do this as non root?  Or a better solution
>     using systemd?
>
>     Thanks, Ed
>
>     -- 
>     Ed Haynes
>
>     SOLUTIONS ARCHITECT
>
>     Red Hat <https://www.redhat.com/>
>
>     ehaynes(a)redhat.com  M: (978)-551-0057
>
>     TRIED. TESTED. TRUSTED.
>
>     _______________________________________________
>     Podman mailing list -- podman(a)lists.podman.io
>     To unsubscribe send an email to podman-leave(a)lists.podman.io
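
A preflight check for the two conditions raised in this thread (cgroups v2 and an installed OCI runtime such as crun), added here as an example and not part of the original messages or of podman itself. The function names are hypothetical, and the delegation check assumes the standard systemd user-slice layout under /sys/fs/cgroup.

```shell
#!/bin/sh
# Added example: checks to run before using --pids-limit in a rootless container.
# Each function takes the cgroup mount point as $1 so it can be pointed at a
# test tree; the default is the real mount, /sys/fs/cgroup.

# Returns 0 if the unified (v2) hierarchy is mounted at $1.
# cgroup.controllers exists at the root only on cgroups v2.
is_cgroup_v2() {
    [ -f "${1:-/sys/fs/cgroup}/cgroup.controllers" ]
}

# Returns 0 if the pids controller is delegated to the systemd user manager
# of uid $2 (assumed layout: user.slice/user-UID.slice/user@UID.service).
pids_delegated() {
    root="${1:-/sys/fs/cgroup}"; uid="${2:-$(id -u)}"
    f="$root/user.slice/user-$uid.slice/user@$uid.service/cgroup.controllers"
    [ -f "$f" ] && tr ' ' '\n' < "$f" | grep -qx pids
}

# Prints one verdict and returns:
#   0 ready, 1 cgroups v1, 2 pids not delegated, 3 OCI runtime missing.
preflight() {
    root="${1:-/sys/fs/cgroup}"; uid="${2:-$(id -u)}"; runtime="${3:-crun}"
    if ! is_cgroup_v2 "$root"; then
        echo "cgroups v1: rootless --pids-limit requires cgroups v2"
        return 1
    fi
    if ! pids_delegated "$root" "$uid"; then
        echo "cgroups v2, but the pids controller is not delegated to uid $uid"
        return 2
    fi
    if ! command -v "$runtime" >/dev/null 2>&1; then
        echo "cgroups v2 with pids delegated, but OCI runtime '$runtime' not found"
        return 3
    fi
    echo "ok: cgroups v2, pids delegated, '$runtime' present"
    return 0
}
```

Source the file and run `preflight` as the unprivileged user who will start the container; a return code of 1 corresponds to the cgroup error in the first message and 3 to the `"crun" not found` error.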