From 8d2c7a9aaa50d4c1298ec88296ad2aed90792487 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 27 Feb 2025 12:35:47 +1100 Subject: [PATCH] linux: clarify pids cgroup settings While the original wording did not provide any justification for this, some runtimes have incorrectly treated a pids.limit value of 0 as being equivalent to "max" or otherwise handle it suboptimally. So, add some clarifying wording that the correct representation of max is -1 (like every other cgroup configuration) and that users should not treat 0 as a special value of any kind. Note that a pids.limit value of 0 is actually different to 1 now that CLONE_INTO_CGROUP exists (at the time pids was added to the kernel and the spec, this feature didn't exist and so it may have seemed redundant to have two equivalent values). Signed-off-by: Aleksa Sarai --- config-linux.md | 4 +++- specs-go/config.go | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config-linux.md b/config-linux.md index ddc30ac4d..c354f74f4 100644 --- a/config-linux.md +++ b/config-linux.md @@ -564,7 +564,9 @@ For more information, see the kernel cgroups documentation about [pids][cgroup-v The following parameters can be specified to set up the controller: -* **`limit`** *(int64, REQUIRED)* - specifies the maximum number of tasks in the cgroup +* **`limit`** *(int64, REQUIRED)* - specifies the maximum number of tasks in the cgroup, with `-1` indicating no limit (`max`). + +> Note: Even though it superficially seems redundant, `0` is a valid limit value for the `pids` cgroup controller and SHOULD NOT be treated as a special value. #### Example diff --git a/specs-go/config.go b/specs-go/config.go index 1aa0693b5..60c028909 100644 --- a/specs-go/config.go +++ b/specs-go/config.go @@ -430,7 +430,7 @@ type LinuxCPU struct { // LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3) type LinuxPids struct { // Maximum number of PIDs. Default is "no limit". - Limit int64 `json:"limit"` + Limit *int64 `json:"limit,omitempty"` } // LinuxNetwork identification and priority configuration