Add "Docker PID Limit" to limit docker container PIDs.

2026-01-04 08:29:51 -06:00 · 2024-07-05 03:47:51 -05:00
parent c9109d61bf
commit 1524f2d69a
2 changed files with 25 additions and 8 deletions
--- a/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
+++ b/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
@@ -145,6 +145,11 @@ _(Docker Stop Timeout)_ (_(seconds)_):

 :docker_timeout_help:

+_(Docker PID Limit)_:
+: <input class='narrow' id="DOCKER_PID_LIMIT" type="number" name="DOCKER_PID_LIMIT" min='1' value="<?=_var($dockercfg,'DOCKER_PID_LIMIT')?>" placeholder="2048">
+
+:docker_pid_limit_help:
+
 <?if ($DockerStopped):?>

 _(Docker data-root)_:
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -12,6 +12,11 @@
 */
 ?>
 <?
+/* Read the docker configuration file. */
+$cfgfile	= "/boot/config/docker.cfg";
+$config_ini	= @parse_ini_file($cfgfile, true, INI_SCANNER_RAW);
+$cfg		= ($config_ini !== false) ? $config_ini : [];
+
 function addRoute($ct) {
  // add static route(s) for remote WireGuard access
  [$pid,$net] = array_pad(explode(' ',exec("docker inspect --format='{{.State.Pid}} {{.NetworkSettings.Networks}}' $ct")),2,'');
@@ -301,15 +306,22 @@ function xmlToCommand($xml, $create_paths=false) {
      $Devices[] = escapeshellarg($hostConfig);
    }
  }
-  $logSize = $logFile = '';
-  if (($cfg['DOCKER_LOG_ROTATION']??'')=='yes') {
-    $logSize = $cfg['DOCKER_LOG_SIZE'] ?? '10m';
-    $logSize = "--log-opt max-size='$logSize'";
-    $logFile = $cfg['DOCKER_LOG_FILES'] ?? '1';
-    $logFile = "--log-opt max-file='$logFile'";
+
+  // Add pid limit if user has not specified it as an extra parameter
+  $pidsLimit = preg_match('/--pids-limit (\d+)/', $xml['ExtraParams'], $matches) ? $matches[1] : null;
+  if ($pidsLimit === null) {
+    $pid_limit = "--pids-limit ";
+    if (($cfg['DOCKER_PID_LIMIT']??'') != "") {
+      $pid_limit .= $cfg['DOCKER_PID_LIMIT'];
+    } else {
+      $pid_limit .= "2048";
+    }
+  } else {
+    $pid_limit = "";
  }
-  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
-         $cmdName, $cmdNetwork, $cmdMyIP, $cmdCPUset, $logSize, $logFile, $cmdPrivileged, implode(' -e ', $Variables), implode(' -l ', $Labels), implode(' -p ', $Ports), implode(' -v ', $Volumes), implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
+
+  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
+         $cmdName, $cmdNetwork, $cmdMyIP, $cmdCPUset, $pid_limit, $cmdPrivileged, implode(' -e ', $Variables), implode(' -l ', $Labels), implode(' -p ', $Ports), implode(' -v ', $Volumes), implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
  return [preg_replace('/\s\s+/', ' ', $cmd), $xml['Name'], $xml['Repository']];
 }
 function stopContainer($name, $t=false, $echo=true) {