Hi Sumantro and Debarshi, hi fellow podman users,
trying to wade through all this: I don't think there's anything podman can do to solve
this now.
Background:
- the container format metadata has a field for|RLIMIT_NPROC (i.e., what you set via
`ulimit -u`)|
|- this field is optional, but important to some use cases, because it can be used to set
nonstandard limits|
|- podman uses that field at container start time to set the ulimits, which usually always
works on the same machine, as ulimits rarely decrease
|
| - this addition of the field by default was recognized as a design mistake and removed,
so in the future these problems won't happen, unless a user explicitly adds a limit to the
metadata.
|
|- pre podman 4.6, that field was just generally added to the container metadata at
container creation, with the values present at creation time|
|- somewhere on the journey, the default ulimits on F38 got decreased
** To little surprise, that means that software relying on RLIMIT_NPROC being as it
used to be breaks **|
|So, to me this very clearly is a fedora regression, where we (probably for good reason)
reduced that specific ulimit, but forgot to then add a script to go through the toolbox
containers created on the affected machines to adjust or remove that tag.|
|It's not podman's job to fix toolbox or Fedora's ulimits handling, so I don't think that
issue on the podman bugtracker has all too much chances of solving the situation.|
|Hotfixes are also easy: just roll out a toolbox update which upon toolbox start, for each
toolbox container|removes the annotation. The nu-cular way here is [1], i.e. exporting of
the container filesystem to an archive and recreation of an image from that, and then
recreation of the toolbox container from that. I'm almost certain there's IO-cheaper
alternatives (not like one can't fiddle with the container config.json if one knows who
owns the container).
Cheers,
Marcus
[1] https://github.com/containers/podman/issues/19634#issuecomment-1680734973
On 16.08.23 16:19, Sumantro Mukherjee wrote:
Hey Folks!
This is to flag that there is an issue in Podman [0] which will break
Toolbx's basic
functionality in F37 and F38. Toolbx is currently release blocking and
is a part of
FCOS and Workstation ISO.
We are tracking the issue in [0] and request folks to test updates
when fixes are available.
[0] https://github.com/containers/podman/issues/19634
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
