Skip to content

Cgroup2: Map OCI spec unlimited sentinel values to "max"#620

Merged
dcantah merged 1 commit intoapple:mainfrom
dcantah:cg2-ocispec-unlimited
Apr 7, 2026
Merged

Cgroup2: Map OCI spec unlimited sentinel values to "max"#620
dcantah merged 1 commit intoapple:mainfrom
dcantah:cg2-ocispec-unlimited

Conversation

@dcantah
Copy link
Copy Markdown
Member

@dcantah dcantah commented Mar 31, 2026

The OCI runtime spec uses -1 for memory.limit and pids.limit to mean "unlimited". The cgroup v2 kernel interface rejects literal "-1" and expects the string "max" instead, causing EINVAL on container startup. Translate negative values to "max" before writing.

Also flatten a needlessly nested if let in the CPU resource block.

@dcantah
Cgroup2: Map OCI spec unlimited sentinel values to "max"
f906ccd 
The OCI runtime spec uses -1 for memory.limit and pids.limit to mean
"unlimited". The cgroup v2 kernel interface rejects literal "-1" and
expects the string "max" instead, causing EINVAL on container startup.
Translate negative values to "max" before writing.

Also flatten a needlessly nested `if let` in the CPU resource block.
@dcantah dcantah mentioned this pull request Apr 2, 2026
Open
1 task
@dcantah dcantah merged commit 1a91899 into apple:main Apr 7, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yibozhuang yibozhuang yibozhuang approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dcantah @yibozhuang @jglogan