RFR: JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups [v6]

Severin Gehwolf sgehwolf at openjdk.java.net
Fri Jul 23 08:43:04 UTC 2021 

On Fri, 23 Jul 2021 06:49:15 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Minor adjustments, handling of Unlimited
>
>> @MBaesken Thanks. We need a solution for [#4518 (comment)](https://github.com/openjdk/jdk/pull/4518#issuecomment-882637594) though. `--pids-limit=-1` doesn't seem to make it unlimited on all container runtimes. For example it fails for me here with:
>> 
>> ```
>> $ docker --version
>> Docker version 20.10.6, build 370c289
>> ```
> 
> Hi Severin, that's a pity and looks like a bug, because the docker documentation says 
> https://docs.docker.com/engine/reference/commandline/run/
> 
> <html>
> <body>
> 
> 
> --pids-limit |   | Tune container pids limit (set -1 for unlimited)
> -- | -- | --
> 
> 
> 
> </body>
> </html>
> 
> Do you have an idea what to set with docker 20 on your setup?  I did not find much about this in the docker 20 release notes https://docs.docker.com/engine/release-notes/ .

> > @MBaesken Thanks. We need a solution for [#4518 (comment)](https://github.com/openjdk/jdk/pull/4518#issuecomment-882637594) though. `--pids-limit=-1` doesn't seem to make it unlimited on all container runtimes. For example it fails for me here with:
> > ```
> > $ docker --version
> > Docker version 20.10.6, build 370c289
> > ```
> 
> Hi Severin, that's a pity and looks like a bug, because the docker documentation says
> https://docs.docker.com/engine/reference/commandline/run/
> --pids-limit 	  	Tune container pids limit (set -1 for unlimited)
> 
> Do you have an idea what to set with docker 20 on your setup? I did not find much about this in the docker 20 release notes https://docs.docker.com/engine/release-notes/ .

No, I don't know what to do about it. All I can see it comes back with a pids limit of `38019` when set to `-1`. It does seem like a bug or an intentional setting so as to avoid fork bombs.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4518

More information about the core-libs-dev mailing list