I'd like to limit the number of pids a container can consume on RHEL 8.3 to provide protection against things like bash fork bombs. Ideally I would want to do this in a rootless container but when I do
$ podman run -it -u user1 --pids-limit 42 frog
I get:
Error: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set pids limit: container could not join or create cgroup: OCI runtime error
I can however run the same podman command as root without issue.
Is there a method to do this as non root? Or a better solution using systemd?
Thanks, Ed--
_______________________________________________ Podman mailing list -- podman@lists.podman.io To unsubscribe send an email to podman-leave@lists.podman.io