moby
diff --git a/‎api/swagger.yaml‎
Lines changed: 7 additions & 2 deletions b/‎api/swagger.yaml‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎api/types/container/host_config.go‎
Lines changed: 1 addition & 1 deletion b/‎api/types/container/host_config.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/types/types.go‎
Lines changed: 1 addition & 0 deletions b/‎api/types/types.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎container/container_unix.go‎
Lines changed: 3 additions & 0 deletions b/‎container/container_unix.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎container/container_windows.go‎
Lines changed: 1 addition & 1 deletion b/‎container/container_windows.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎daemon/daemon_unix.go‎
Lines changed: 16 additions & 2 deletions b/‎daemon/daemon_unix.go‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎daemon/daemon_windows.go‎
Lines changed: 1 addition & 1 deletion b/‎daemon/daemon_windows.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎daemon/info_unix.go‎
Lines changed: 1 addition & 0 deletions b/‎daemon/info_unix.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎daemon/oci_linux.go‎
Lines changed: 1 addition & 3 deletions b/‎daemon/oci_linux.go‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎daemon/update_linux.go‎
Lines changed: 1 addition & 0 deletions b/‎daemon/update_linux.go‎
Lines changed: 1 addition & 0 deletions
@@ -460,9 +460,10 @@ definitions:
         type: "boolean"
         x-nullable: true
       PidsLimit:
-        description: "Tune a container's pids limit. Set -1 for unlimited."
+        description: "Tune a container's pids limit. Set 0 or -1 for unlimited. Leave null to not change"
         type: "integer"
         format: "int64"
+        x-nullable: true
       Ulimits:
         description: |
           A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
@@ -3689,6 +3690,10 @@ definitions:
           See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
         type: "boolean"
         example: true
+      PidsLimit:
+        description: "Indicates if the host kernel has PID limit support enabled."
+        type: "boolean"
+        example: true
       OomKillDisable:
         description: "Indicates if OOM killer disable is supported on the host."
         type: "boolean"
@@ -4625,7 +4630,7 @@ paths:
                 OomKillDisable: false
                 OomScoreAdj: 500
                 PidMode: ""
-                PidsLimit: -1
+                PidsLimit: 0
                 PortBindings:
                   22/tcp:
                     - HostPort: "11022"
 
@@ -334,7 +334,7 @@ type Resources struct {
 	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
 	MemorySwappiness     *int64          // Tuning container memory swappiness behaviour
 	OomKillDisable       *bool           // Whether to disable OOM Killer or not
-	PidsLimit            int64           // Setting pids limit for a container
+	PidsLimit            *int64          // Setting pids limit for a container
 	Ulimits              []*units.Ulimit // List of ulimits to be set in the container
 
 	// Applicable to Windows
 
@@ -164,6 +164,7 @@ type Info struct {
 	CPUCfsQuota        bool `json:"CpuCfsQuota"`
 	CPUShares          bool
 	CPUSet             bool
+	PidsLimit          bool
 	IPv4Forwarding     bool
 	BridgeNfIptables   bool
 	BridgeNfIP6tables  bool `json:"BridgeNfIp6tables"`
 
@@ -342,6 +342,9 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 	if resources.CPURealtimeRuntime != 0 {
 		cResources.CPURealtimeRuntime = resources.CPURealtimeRuntime
 	}
+	if resources.PidsLimit != nil {
+		cResources.PidsLimit = resources.PidsLimit
+	}
 
 	// update HostConfig of container
 	if hostConfig.RestartPolicy.Name != "" {
 
@@ -159,7 +159,7 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi
 		resources.MemorySwap != 0 ||
 		resources.MemorySwappiness != nil ||
 		resources.OomKillDisable != nil ||
-		resources.PidsLimit != 0 ||
+		(resources.PidsLimit != nil && *resources.PidsLimit != 0) ||
 		len(resources.Ulimits) != 0 ||
 		resources.CPUCount != 0 ||
 		resources.CPUPercent != 0 ||
 
@@ -118,6 +118,19 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory {
 	return &memory
 }
 
+func getPidsLimit(config containertypes.Resources) *specs.LinuxPids {
+	limit := &specs.LinuxPids{}
+	if config.PidsLimit != nil {
+		limit.Limit = *config.PidsLimit
+		if limit.Limit == 0 {
+			// docker API allows 0 to unset this to be consistent with default values.
+			// when updating values, runc requires -1
+			limit.Limit = -1
+		}
+	}
+	return limit
+}
+
 func getCPUResources(config containertypes.Resources) (*specs.LinuxCPU, error) {
 	cpu := specs.LinuxCPU{}
 
@@ -453,9 +466,10 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn
 	if resources.OomKillDisable != nil && *resources.OomKillDisable && resources.Memory == 0 {
 		warnings = append(warnings, "OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.")
 	}
-	if resources.PidsLimit != 0 && !sysInfo.PidsLimit {
+	if resources.PidsLimit != nil && *resources.PidsLimit != 0 && !sysInfo.PidsLimit {
 		warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.")
-		resources.PidsLimit = 0
+		var limit int64
+		resources.PidsLimit = &limit
 	}
 
 	// cpu subsystem checks and adjustments
 
@@ -181,7 +181,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, isHyp
 	if resources.OomKillDisable != nil && *resources.OomKillDisable {
 		return warnings, fmt.Errorf("invalid option: Windows does not support OomKillDisable")
 	}
-	if resources.PidsLimit != 0 {
+	if resources.PidsLimit != nil && *resources.PidsLimit != 0 {
 		return warnings, fmt.Errorf("invalid option: Windows does not support PidsLimit")
 	}
 	if len(resources.Ulimits) != 0 {
 
@@ -27,6 +27,7 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
 	v.CPUCfsQuota = sysInfo.CPUCfsQuota
 	v.CPUShares = sysInfo.CPUShares
 	v.CPUSet = sysInfo.Cpuset
+	v.PidsLimit = sysInfo.PidsLimit
 	v.Runtimes = daemon.configStore.GetAllRuntimes()
 	v.DefaultRuntime = daemon.configStore.GetDefaultRuntimeName()
 	v.InitBinary = daemon.configStore.GetInitPath()
 
@@ -72,9 +72,7 @@ func setResources(s *specs.Spec, r containertypes.Resources) error {
 			ThrottleReadIOPSDevice:  readIOpsDevice,
 			ThrottleWriteIOPSDevice: writeIOpsDevice,
 		},
-		Pids: &specs.LinuxPids{
-			Limit: r.PidsLimit,
-		},
+		Pids: getPidsLimit(r),
 	}
 
 	if s.Linux.Resources != nil && len(s.Linux.Resources.Devices) > 0 {
 
@@ -50,5 +50,6 @@ func toContainerdResources(resources container.Resources) *libcontainerd.Resourc
 		r.Memory.Swap = &resources.MemorySwap
 	}
 
+	r.Pids = getPidsLimit(resources)
 	return &r
 }
Original file line number	Diff line number	Diff line change
`@@ -342,6 +342,9 @@ func (container Container) UpdateContainer(hostConfig containertypes.HostConfi`
`342`	`342`	`if resources.CPURealtimeRuntime != 0 {`
`343`	`343`	`cResources.CPURealtimeRuntime = resources.CPURealtimeRuntime`
`344`	`344`	`}`
	`345`	`+ if resources.PidsLimit != nil {`
	`346`	`+ cResources.PidsLimit = resources.PidsLimit`
	`347`	`+ }`
`345`	`348`
`346`	`349`	`// update HostConfig of container`
`347`	`350`	`if hostConfig.RestartPolicy.Name != "" {`
Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, isHyp`
`181`	`181`	`if resources.OomKillDisable != nil && *resources.OomKillDisable {`
`182`	`182`	`return warnings, fmt.Errorf("invalid option: Windows does not support OomKillDisable")`
`183`	`183`	`}`
`184`		`- if resources.PidsLimit != 0 {`
	`184`	`+ if resources.PidsLimit != nil && *resources.PidsLimit != 0 {`
`185`	`185`	`return warnings, fmt.Errorf("invalid option: Windows does not support PidsLimit")`
`186`	`186`	`}`
`187`	`187`	`if len(resources.Ulimits) != 0 {`
Original file line number	Diff line number	Diff line change
`@@ -50,5 +50,6 @@ func toContainerdResources(resources container.Resources) *libcontainerd.Resourc`
`50`	`50`	`r.Memory.Swap = &resources.MemorySwap`
`51`	`51`	`}`
`52`	`52`
	`53`	`+ r.Pids = getPidsLimit(resources)`
`53`	`54`	`return &r`
`54`	`55`	`}`