Rootless pids-limit requires cgroups V2.
We probably should add info to the man page.
On 3/24/21 10:36, Ed Haynes wrote:
 I'd like to limit the number of pids a container can consume on RHEL 8.3
 to provide protection against things like bash fork bombs.
 Ideally I would want to do this in a rootless container but when I do
 $ podman run -it -u user1 --pids-limit 42 frog
 I get:
 Error: container_linux.go:370: starting container process caused: 
 process_linux.go:459: container init caused: process_linux.go:422: 
 setting cgroup config for procHooks process caused: cannot set pids 
 limit: container could not join or create cgroup: OCI runtime error
 I can however run the same podman command as root without issue.
 Is there a method to do this as non root?  Or a better solution using 
 systemd?
 Thanks, Ed
 -- 
 Ed Haynes
 SOLUTIONS ARCHITECT
 Red Hat <https://www.redhat.com/>
 ehaynes(a)redhat.com <mailto:ehaynes@redhat.com> *M: (978)-551-0057 *
 TRIED. TESTED. TRUSTED.
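
One way to check the requirement stated in the reply at the top of this message, as an added example that is not part of the original thread: it tests whether the host uses the cgroups v2 unified hierarchy and whether the `pids` controller is delegated to the calling user. The function names `classify` and `check_host` are hypothetical, and the controllers path assumes a systemd user session.

```shell
#!/bin/sh
# Added example: can a rootless `podman run --pids-limit N` work on this host?

# classify FSTYPE CONTROLLERS -> prints a one-word verdict, returns 0 only for "ok"
#   FSTYPE:      output of `stat -fc %T /sys/fs/cgroup`
#   CONTROLLERS: contents of the user's delegated cgroup.controllers file
classify() {
    fstype=$1
    controllers=$2
    case "$fstype" in
        cgroup2fs) ;;                          # unified hierarchy = cgroups v2
        *) echo "needs-cgroups-v2"; return 1 ;; # v1/hybrid hosts report tmpfs here
    esac
    # cgroup.controllers is a single space-separated line, e.g. "cpu memory pids"
    case " $controllers " in
        *" pids "*) echo "ok"; return 0 ;;
        *) echo "pids-not-delegated"; return 1 ;;
    esac
}

# check_host: gather the two inputs from the running system and classify them.
check_host() {
    uid=$(id -u)
    fstype=$(stat -fc %T /sys/fs/cgroup 2>/dev/null)
    # Assumption: the user session runs under systemd as user@UID.service.
    f="/sys/fs/cgroup/user.slice/user-$uid.slice/user@$uid.service/cgroup.controllers"
    controllers=$(cat "$f" 2>/dev/null)
    classify "$fstype" "$controllers"
}

# Only touch the real host when asked to, e.g.: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it as the same unprivileged user that starts the container; any verdict other than `ok` means the runtime cannot apply the limit for that user.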