I did try setting cgroups v2 in the grub bootline for 8.3 but then podman dies with a separate error:
Error: Default OCI runtime "crun" not found: invalid argument
Yup, you need to get crun on to the box, but I am not sure if that exists in RHEL8.3, will definitely be there in RHEL8.4.
yum install crun
On Wed, Mar 24, 2021 at 3:14 PM Daniel Walsh <dwalsh@redhat.com> wrote:
Rootless pids-limit requires cgroups V2.
We probably should add info to the man page.
On 3/24/21 10:36, Ed Haynes wrote:
I'd like to limit the number of pids a container can consume on RHEL 8.3 to provide protection against things like bash fork bombs. Ideally I would want to do this in a rootless container but when I do
$ podman run -it -u user1 --pids-limit 42 frog
I get:
Error: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set pids limit: container could not join or create cgroup: OCI runtime error
I can however run the same podman command as root without issue.
Is there a method to do this as non root? Or a better solution using systemd?
Thanks, Ed
_______________________________________________ Podman mailing list -- podman@lists.podman.io To unsubscribe send an email to podman-leave@lists.podman.io
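A preflight check for the two conditions this thread identifies (cgroups v2 and an installed crun), plus delegation of the pids controller to the user session, as an added example that is not part of any message in the thread. The function names are illustrative, and the user-session cgroup path assumes a systemd-managed host.

```shell
#!/bin/sh
# Added example: preflight for rootless `podman run --pids-limit`.
# Paths are parameters so the checks can run against a constructed tree.

# cgroup v2 (unified hierarchy) exposes cgroup.controllers at the mount root.
cgroup_version() {
    root="${1:-/sys/fs/cgroup}"
    if [ -f "$root/cgroup.controllers" ]; then echo v2; else echo v1; fi
}

# True when "pids" is listed as a whole word in the given cgroup.controllers file.
pids_controller_available() {
    [ -r "$1" ] || return 1
    tr ' ' '\n' < "$1" | grep -qx pids
}

# Assumed systemd layout: controllers delegated to a user session show up here.
user_controllers_file() {
    root="${1:-/sys/fs/cgroup}"; uid="${2:-$(id -u)}"
    echo "$root/user.slice/user-$uid.slice/user@$uid.service/cgroup.controllers"
}

# Prints one line per check; returns 0 only if every check passes.
rootless_pids_limit_ready() {
    root="${1:-/sys/fs/cgroup}"; uid="${2:-$(id -u)}"; ok=0
    if [ "$(cgroup_version "$root")" = v2 ]; then echo "cgroups: v2"
    else echo "cgroups: v1 (rootless --pids-limit needs v2)"; ok=1; fi
    if pids_controller_available "$(user_controllers_file "$root" "$uid")"; then
        echo "pids controller: delegated to uid $uid"
    else echo "pids controller: not delegated to uid $uid"; ok=1; fi
    if command -v crun >/dev/null 2>&1; then echo "crun: found"
    else echo "crun: not found"; ok=1; fi
    return $ok
}

# Run as the unprivileged user that will start the container.
rootless_pids_limit_ready || echo "result: rootless --pids-limit will not work here"
```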