From e6b83c91b64229920749de1b790cc536d903b1fb Mon Sep 17 00:00:00 2001
From: Håkon Hallingstad <hakon@verizonmedia.com>
Date: Tue, 24 Sep 2019 01:50:23 +0200
Subject: Set pids limit to 400k

---
 .../com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
index 2e5cfab36cc..3de360a398b 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
@@ -170,6 +170,10 @@ class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
                 .withSecurityOpts(new ArrayList<>(securityOpts))
                 .withBinds(volumeBinds)
                 .withUlimits(ulimits)
+                // At docker version 1.13.1 patch 91 and earlier, pids.max for the Docker container's cgroup
+                // was "max". This changed to patch 102, with a default of 4k which is too low. Note: Setting
+                // this to 0L still results in 4k. File: /sys/fs/cgroup/pids/docker/CONTAINERID/pids.max.
+                .withPidsLimit(409600L)
                 .withCapAdd(addCapabilities.toArray(new Capability[0]))
                 .withCapDrop(dropCapabilities.toArray(new Capability[0]))
                 .withPrivileged(privileged);
-- 
cgit v1.2.3