chore: add PidLimit option

Signed-off-by: Arjun Raja Yogidas <[email protected]>

Author: coderbirju

api/handlers/container/create.go

@@ -136,7 +136,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 
 	// devices:
 	// devices are passed in as a map of DeviceMapping,
-	// but nerdctl expects an array of strings with format [devices1:VALUE1, devices2:VALUE2, ...].
+	// but nerdctl expects an array of strings with format [PathOnHost1:PathInContainer1:CgroupPermissions1, PathOnHost2:PathInContainer2:CgroupPermissions2, ...].
 	devices := []string{}
 	if req.HostConfig.Devices != nil {
 		for _, deviceMap := range req.HostConfig.Devices {
@@ -220,6 +220,10 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		securityOpt = req.HostConfig.SecurityOpt
 	}
 
+	pidLimit := int64(-1)
+	if req.HostConfig.PidsLimit > 0 {
+		pidLimit = req.HostConfig.PidsLimit
+	}
 	globalOpt := ncTypes.GlobalCommandOptions(*h.Config)
 	createOpt := ncTypes.ContainerCreateOptions{
 		Stdout:   nil,
@@ -254,7 +258,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		Memory:             memory,                           // memory limit (in bytes)
 		CPUQuota:           CpuQuota,                         // nerdctl default.
 		MemorySwappiness64: memorySwappiness,                 // Tuning container memory swappiness behaviour
-		PidsLimit:          -1,                               // nerdctl default.
+		PidsLimit:          pidLimit,                         // PidsLimit specifies the tune container pids limit
 		Cgroupns:           defaults.CgroupnsMode(),          // nerdctl default.
 		BlkioWeight:        req.HostConfig.BlkioWeight,       // block IO weight (relative)
 		CPUPeriod:          uint64(req.HostConfig.CPUPeriod), // CPU CFS (Completely Fair Scheduler) period

api/handlers/container/create_test.go

@@ -744,17 +744,19 @@ var _ = Describe("Container Create API ", func() {
 			Expect(rr.Body).Should(MatchJSON(jsonResponse))
 		})
 
-		It("should set Devices option", func() {
+		It("should set Devices and PidLimit option", func() {
 			body := []byte(`{
 				"Image": "test-image",
 				"HostConfig": {
-					"Devices": [{"PathOnHost": "/dev/null", "PathInContainer": "/dev/null", "CgroupPermissions": "rwm"},{"PathOnHost": "/var/lib", "CgroupPermissions": "ro"}]
+					"Devices": [{"PathOnHost": "/dev/null", "PathInContainer": "/dev/null", "CgroupPermissions": "rwm"},{"PathOnHost": "/var/lib", "CgroupPermissions": "ro"}],
+					"PidsLimit": 200
 				}
 			}`)
 			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
 
 			// expected create options
 			createOpt.Device = []string{"/dev/null:/dev/null:rwm", "/var/lib:ro"}
+			createOpt.PidsLimit = 200
 
 			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
 				cid, nil)

api/types/container_types.go

@@ -115,6 +115,7 @@ type ContainerHostConfig struct {
 	Ulimits     []*Ulimit       // List of ulimits to be set in the container
 	BlkioWeight uint16          // Block IO weight (relative weight vs. other containers)
 	Devices     []DeviceMapping // List of devices to map inside the container
+	PidsLimit   int64           // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
 	// Mounts specs used by the container
 	// TODO: Mounts []mount.Mount `json:",omitempty"`