A repro
- Prepare a bundle and a spec. Amend the config.json with
in the linux.resources section, and a long-lived process such as sleep.
- Start the container:
# runc --systemd-cgroup run -d keke
- Check its pids limit in cgroups scope, as well as in cgroupfs:
# systemctl show runc-keke.scope | grep 'Task'
TasksCurrent=2
TasksAccounting=yes
TasksMax=55
# cat /sys/fs/cgroup/system.slice/runc-keke.scope/pids.max
55
- Update the limit:
# runc --systemd-cgroup update keke --pids-limit 66
- Check again:
# systemctl show runc-keke.scope | grep 'Task'
TasksCurrent=2
TasksAccounting=yes
TasksMax=55
# cat /sys/fs/cgroup/system.slice/runc-keke.scope/pids.max
66
As we can see, the kernel and the systemd is now in disagreement about the limit.
- Check that the limit can in principal be updated:
# systemctl show runc-keke.scope | grep 'Task'
TasksCurrent=2
TasksAccounting=yes
TasksMax=77
DropInPaths=/run/systemd/transient/runc-keke.scope.d/50-TasksMax.conf
# cat /sys/fs/cgroup/system.slice/runc-keke.scope/pids.max
77
In the above example, we set/check/update pids.limit, but all the other resources behave in a similar way.
The cause of this is Set() method of systemd.UnifiedManager, which only uses fsManager to set the updated values.
A repro
in the
linux.resourcessection, and a long-lived process such as sleep.# runc --systemd-cgroup run -d keke# runc --systemd-cgroup update keke --pids-limit 66As we can see, the kernel and the systemd is now in disagreement about the limit.
In the above example, we set/check/update pids.limit, but all the other resources behave in a similar way.
The cause of this is
Set()method ofsystemd.UnifiedManager, which only uses fsManager to set the updated values.