6 changes: 3 additions & 3 deletions cli/internal/compose/compose.yml.tmpl
@@ -26,13 +26,13 @@ services:
read_only: true
tmpfs:
- /tmp:noexec,nosuid,nodev,size=64m
pids_limit: 256
restart: unless-stopped
deploy:
resources:
limits:
memory: 4G
cpus: "2.0"
pids: 256

**Docs still reference `pids_limit` for CIS 5.28**

`docs/security.md` (line 115) was not updated as part of this PR. It still documents the old key:

```
| **CIS 5.28** | `pids_limit` per container (256 backend, 64 web) |
```

It should be updated to reference the new `deploy.resources.limits.pids` field so the security documentation stays in sync with the actual compose files. The resource limits note on the line immediately below (line 117) also only mentions memory and CPU — `pids` could be added there too.

logging:
driver: json-file
options:
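Review bot: With the top-level `pids_limit: 256` line removed, `deploy.resources.limits.pids: 256` is now the only place this service's process limit is expressed, so the CIS 5.28 control the docs cite depends entirely on the Compose implementation honouring the `deploy` key. Besides the docs update raised above, please add an assertion to the template tests that the rendered output contains `pids: 256` under `limits:` and no longer contains `pids_limit`, and after rollout confirm the runtime applied it with `docker inspect --format '{{.HostConfig.PidsLimit}}' <container>`; a tool that ignores `deploy.resources.limits.pids` would otherwise leave the container with no PID limit and nothing in this diff would catch it.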
@@ -65,13 +65,13 @@ services:
- /tmp:noexec,nosuid,nodev,size=16m
- /var/cache/nginx:noexec,nosuid,nodev,size=32m
- /var/run:noexec,nosuid,nodev,size=1m
pids_limit: 64
restart: unless-stopped
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
pids: 64
logging:
driver: json-file
options:
@@ -94,13 +94,13 @@ services:
read_only: true
tmpfs:
- /tmp:noexec,nosuid,nodev,size=128m
pids_limit: 128
restart: unless-stopped
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
pids: 128
logging:
driver: json-file
options:
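Review bot: This third service in the template keeps its limit at `pids: 128`, but the CIS 5.28 row quoted in the review comment above (`256 backend, 64 web`) lists only two services. When `docs/security.md` is updated for the key rename, add this service's 128 limit as well so the table matches all three `limits.pids` values the template emits.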
4 changes: 2 additions & 2 deletions cli/testdata/compose_custom_ports.yml
@@ -24,13 +24,13 @@ services:
read_only: true
tmpfs:
- /tmp:noexec,nosuid,nodev,size=64m
pids_limit: 256
restart: unless-stopped
deploy:
resources:
limits:
memory: 4G
cpus: "2.0"
pids: 256
logging:
driver: json-file
options:
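Review bot: This golden file mirrors the template hunk exactly (`pids_limit: 256` removed, `pids: 256` added under the existing `limits:` block), which is the expected outcome. Please state in the PR description whether `cli/testdata/*.yml` were regenerated from the template or edited by hand; a hand edit that differs from the renderer's output only in indentation under `limits:` would make the golden comparison fail on whitespace rather than on the change itself.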
@@ -63,13 +63,13 @@ services:
- /tmp:noexec,nosuid,nodev,size=16m
- /var/cache/nginx:noexec,nosuid,nodev,size=32m
- /var/run:noexec,nosuid,nodev,size=1m
pids_limit: 64
restart: unless-stopped
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
pids: 64
logging:
driver: json-file
options:
4 changes: 2 additions & 2 deletions cli/testdata/compose_default.yml
@@ -23,13 +23,13 @@ services:
read_only: true
tmpfs:
- /tmp:noexec,nosuid,nodev,size=64m
pids_limit: 256
restart: unless-stopped
deploy:
resources:
limits:
memory: 4G
cpus: "2.0"
pids: 256
logging:
driver: json-file
options:
@@ -62,13 +62,13 @@ services:
- /tmp:noexec,nosuid,nodev,size=16m
- /var/cache/nginx:noexec,nosuid,nodev,size=32m
- /var/run:noexec,nosuid,nodev,size=1m
pids_limit: 64
restart: unless-stopped
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
pids: 64
logging:
driver: json-file
options:
4 changes: 2 additions & 2 deletions docker/compose.yml
@@ -33,13 +33,13 @@ services:
read_only: true
tmpfs:
- /tmp:noexec,nosuid,nodev,size=64m
pids_limit: 256
restart: unless-stopped
deploy:
resources:
limits:
memory: 4G
cpus: "2.0"
pids: 256
logging: *logging

web:
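Review bot: `docker/compose.yml` is maintained by hand rather than rendered from `cli/internal/compose/compose.yml.tmpl`, so unlike the testdata files nothing in the test suite guards this hunk. It is consistent with the template (`pids: 256` under `limits:`, `pids_limit` gone), but since three files now have to be kept in step manually, consider a CI step that runs `docker compose -f docker/compose.yml config` and fails if a top-level `pids_limit` reappears or `deploy.resources.limits.pids` is missing for any service.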
@@ -61,13 +61,13 @@ services:
- /tmp:noexec,nosuid,nodev,size=16m
- /var/cache/nginx:noexec,nosuid,nodev,size=32m
- /var/run:noexec,nosuid,nodev,size=1m
pids_limit: 64
restart: unless-stopped
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
pids: 64
logging: *logging

networks: