(t *testing.T, systemd bool)
| 539 | } |
| 540 | |
| 541 | func testPids(t *testing.T, systemd bool) { |
| 542 | if testing.Short() { |
| 543 | return |
| 544 | } |
| 545 | |
| 546 | config := newTemplateConfig(t, &tParam{systemd: systemd}) |
| 547 | config.Cgroups.Resources.PidsLimit = mkPtr[int64](-1) |
| 548 | |
| 549 | // Running multiple processes, expecting it to succeed with no pids limit. |
| 550 | runContainerOk(t, config, "/bin/sh", "-c", truePipeline(4)) |
| 551 | |
| 552 | // Enforce a permissive limit. This needs to be fairly hand-wavey due to the |
| 553 | // issues with running Go binaries with pids restrictions (see below). |
| 554 | config.Cgroups.Resources.PidsLimit = mkPtr[int64](64) |
| 555 | runContainerOk(t, config, "/bin/sh", "-c", truePipeline(32)) |
| 556 | |
| 557 | // Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause |
| 558 | // this to fail reliably. |
| 559 | config.Cgroups.Resources.PidsLimit = mkPtr[int64](64) |
| 560 | out, _, err := runContainer(t, config, "/bin/sh", "-c", truePipeline(64)) |
| 561 | if err != nil && !strings.Contains(out.String(), "can't fork") { |
| 562 | t.Fatal(err) |
| 563 | } |
| 564 | |
| 565 | if err == nil { |
| 566 | t.Fatal("expected fork() to fail with restrictive pids limit") |
| 567 | } |
| 568 | |
| 569 | // Minimal restrictions are not really supported, due to quirks in using Go |
| 570 | // due to the fact that it spawns random processes. While we do our best with |
| 571 | // late setting cgroup values, it's just too unreliable with very small pids.max. |
| 572 | // As such, we don't test that case. YMMV. |
| 573 | } |
| 574 | |
| 575 | func TestCgroupResourcesUnifiedErrorOnV1(t *testing.T) { |
| 576 | testCgroupResourcesUnifiedErrorOnV1(t, false) |
no test coverage detected
searching dependent graphs…