tests: add pids.limit tests

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-12-24 11:50:58 +08:00 · 2025-10-24 15:30:40 +11:00
parent 3b75374cc7
commit 72421e0e25
2 changed files with 62 additions and 0 deletions
--- a/tests/integration/cgroups.bats
+++ b/tests/integration/cgroups.bats
@@ -324,6 +324,37 @@ convert_hugetlb_size() {
 	done
 }

+# https://github.com/opencontainers/runc/issues/4014.
+@test "runc run (pids.limit=0 means 1)" {
+	[ $EUID -ne 0 ] && requires rootless_cgroup
+	requires cgroups_pids
+
+	set_cgroups_path
+	update_config '.linux.resources.pids.limit = 0'
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_pids
+	[ "$status" -eq 0 ]
+	# systemd doesn't support TasksMax=0 so runc will silently remap it to 1
+	# (for consistency, we do this for systemd *and* cgroupfs).
+	check_cgroup_value "pids.max" "1"
+	check_systemd_value "TasksMax" "1"
+}
+
+# https://github.com/opencontainers/runc/issues/4014.
+@test "runc run (pids.limit=-1 means unlimited)" {
+	[ $EUID -ne 0 ] && requires rootless_cgroup
+	requires cgroups_pids
+
+	set_cgroups_path
+	update_config '.linux.resources.pids.limit = -1'
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_pids
+	[ "$status" -eq 0 ]
+	check_cgroup_value "pids.max" "max"
+	# systemd < v227 shows UINT64_MAX instead of "infinity".
+	check_systemd_value "TasksMax" "infinity" "18446744073709551615"
+}
+
@test "runc run (cgroup v2 resources.unified only)" {
 	requires root cgroups_v2

--- a/tests/integration/update.bats
+++ b/tests/integration/update.bats
@@ -327,6 +327,37 @@ EOF
 	check_cpu_shares 100
 }

+@test "update pids.limit" {
+	[ $EUID -ne 0 ] && requires rootless_cgroup
+	requires cgroups_pids
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_update
+	[ "$status" -eq 0 ]
+
+	check_cgroup_value "pids.max" 20
+	check_systemd_value "TasksMax" 20
+
+	runc update test_update --pids-limit 12345
+	[ "$status" -eq 0 ]
+
+	check_cgroup_value "pids.max" "12345"
+	check_systemd_value "TasksMax" "12345"
+
+	runc update test_update --pids-limit -1
+	[ "$status" -eq 0 ]
+
+	check_cgroup_value "pids.max" "max"
+	# systemd < v227 shows UINT64_MAX instead of "infinity".
+	check_systemd_value "TasksMax" "infinity" "18446744073709551615"
+
+	runc update test_update --pids-limit 0
+	[ "$status" -eq 0 ]
+
+	# systemd doesn't support TasksMax=0 so runc will silently remap it to 1.
+	check_cgroup_value "pids.max" "1"
+	check_systemd_value "TasksMax" "1"
+}
+
@test "cpu burst" {
 	[ $EUID -ne 0 ] && requires rootless_cgroup
 	requires cgroups_cpu_burst