Rootless pids-limit requires cgroups V2.

We probably should add info to the man page.

On 3/24/21 10:36, Ed Haynes wrote:
I'd like to limit the number of pids a container can consume on RHEL 8.3 to provide protection against things like bash fork bombs. Ideally I would want to do this in a rootless container, but when I do

$ podman run -it -u user1 --pids-limit 42 frog

I get:

Error: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set pids limit: container could not join or create cgroup: OCI runtime error

I can however run the same podman command as root without issue.

Is there a method to do this as non-root? Or a better solution using systemd?

Thanks, Ed

--
Ed Haynes

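Added example, not part of the original thread and not Podman's own code: a shell check for the condition named in the reply (the host must be on cgroups v2), plus whether systemd has delegated the pids controller to the user. The function names are hypothetical, and the user-slice path assumes a systemd host; CGROOT can be pointed at another directory.

```shell
#!/bin/sh
# Added example: host preconditions for a rootless --pids-limit.
# CGROOT is overridable so the checks can run against a constructed tree.
CGROOT="${CGROOT:-/sys/fs/cgroup}"

# Print v2 (unified), hybrid, or v1 for the hierarchy mounted at $1.
cgroup_mode() {
    root="${1:-$CGROOT}"
    if [ -f "$root/cgroup.controllers" ]; then
        echo v2
    elif [ -f "$root/unified/cgroup.controllers" ]; then
        echo hybrid
    else
        echo v1
    fi
}

# Succeed if the pids controller is delegated to the user's systemd manager.
# Assumption: systemd layout user.slice/user-UID.slice/user@UID.service.
pids_delegated() {
    root="${1:-$CGROOT}"; uid="${2:-$(id -u)}"
    f="$root/user.slice/user-$uid.slice/user@$uid.service/cgroup.controllers"
    [ -f "$f" ] || return 1
    for c in $(cat "$f"); do
        [ "$c" = pids ] && return 0
    done
    return 1
}

# Print a one-line verdict.
# Returns 0 when both hold, 1 when not on v2, 2 when pids is not delegated.
rootless_pids_limit_ready() {
    root="${1:-$CGROOT}"; uid="${2:-$(id -u)}"
    mode=$(cgroup_mode "$root")
    if [ "$mode" != v2 ]; then
        echo "cgroup $mode: rootless --pids-limit cannot be applied"
        return 1
    fi
    if ! pids_delegated "$root" "$uid"; then
        echo "cgroup v2, but pids is not delegated to uid $uid"
        return 2
    fi
    echo "cgroup v2 with pids delegated to uid $uid"
}
```

Source the file and call rootless_pids_limit_ready as the user who will run podman, before relying on --pids-limit as fork-bomb protection.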