Discussion:
MemoryMax not working with `systemd-run --user` using hybrid cgroups hierarchy
(too old to reply)
Piotr Dobrogost
2018-11-07 14:28:30 UTC
Permalink
Hi

I run `systemd-run --user -p MemoryMax=100M /usr/bin/krusader` to limit
memory usage but it seems the limit is not enforced as `cat /proc/$(pidof
krusader)/status | grep VmRSS` gives "VmRSS: 389992 kB".

% systemctl --version
systemd 239
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2
-IDN +PCRE2 default-hierarchy=hybrid
Lennart Poettering
2018-11-07 16:39:55 UTC
Permalink
Post by Piotr Dobrogost
Hi
I run `systemd-run --user -p MemoryMax=100M /usr/bin/krusader` to limit
memory usage but it seems the limit is not enforced as `cat /proc/$(pidof
krusader)/status | grep VmRSS` gives "VmRSS: 389992 kB".
MemoryMax= requires the memory cgroup controller to work. And that
controller is only safe to delegate on cgroupsv2, not on cgroupsv1,
hence we don't do it there. This means ***@.service can't get write
to access to it on cgroupsv1.

Note that on hybrid all contorllers are mounted as cgroupsv1, hence
hybrid is like legacy in this regard.

Or in other words, unless you go full unified you can't use MemoryMax
in user instances.

Lennart
--
Lennart Poettering, Red Hat
Piotr Dobrogost
2018-11-08 07:42:19 UTC
Permalink
Post by Lennart Poettering
(
)
Note that on hybrid all contorllers are mounted as cgroupsv1, hence
hybrid is like legacy in this regard.
Or in other words, unless you go full unified you can't use MemoryMax
in user instances.
Thanks for clarifying.
Any idea why doesn't latest Fedora (29) use unified mode and when will it
start using this mode?

Piotr
Lennart Poettering
2018-11-08 08:27:31 UTC
Permalink
Post by Piotr Dobrogost
Post by Lennart Poettering
(…)
Note that on hybrid all contorllers are mounted as cgroupsv1, hence
hybrid is like legacy in this regard.
Or in other words, unless you go full unified you can't use MemoryMax
in user instances.
Thanks for clarifying.
Any idea why doesn't latest Fedora (29) use unified mode and when will it
start using this mode?
Would love to switch Fedora over yesterday. But Docker/Kubernetes and
the whole container mess doesn't like cgroupsv2 so far, and given how
important that is for Fedora I fear it'll not be happening anytime
soon.

Yes, Google's/Docker's distaste for cgroupsv2 currently blocks its
adoption in Fedora. Sad.

Lennart
--
Lennart Poettering, Red Hat
Piotr Dobrogost
2018-11-08 09:19:52 UTC
Permalink
Post by Lennart Poettering
Would love to switch Fedora over yesterday. But Docker/Kubernetes and
the whole container mess doesn't like cgroupsv2 so far, and given how
important that is for Fedora I fear it'll not be happening anytime
soon.
Yes, Google's/Docker's distaste for cgroupsv2 currently blocks its
adoption in Fedora. Sad.
For reference I found these issues regarding Docker and runc:
"Docker does not run with unified cgroup hierarchy" –
https://github.com/moby/moby/issues/16238
"support cgroup v2 (unified hierarchy)" –
https://github.com/opencontainers/runc/issues/654

Piotr
Piotr Dobrogost
2018-11-08 10:24:56 UTC
Permalink
Additional question; is there a way to find out which type of hierarchy
does systemd use?

Piotr
Lennart Poettering
2018-11-08 10:33:48 UTC
Permalink
Post by Piotr Dobrogost
Additional question; is there a way to find out which type of hierarchy
does systemd use?
Try this:

stat -fc %T /sys/fs/cgroup/

if that reports "cgroups2fs" then you are in full cgroupsv2 mode. If
it returns "tmpfs" then you are in either full cgroupsv1 mode, or in
hybrid mode. Then, check if /sys/fs/cgroup/unified exists. If it does,
then you are in hybrid mode. if not you are in pure cgroupsv1 mode.

Lennart
--
Lennart Poettering, Red Hat
Piotr Dobrogost
2018-11-08 13:15:18 UTC
Permalink
Post by Lennart Poettering
Post by Piotr Dobrogost
Additional question; is there a way to find out which type of hierarchy
does systemd use?
stat -fc %T /sys/fs/cgroup/
if that reports "cgroups2fs" then you are in full cgroupsv2 mode. If
it returns "tmpfs" then you are in either full cgroupsv1 mode, or in
hybrid mode. Then, check if /sys/fs/cgroup/unified exists. If it does,
then you are in hybrid mode. if not you are in pure cgroupsv1 mode.
Sounds like it could be handy to expose this somehow (as a command or
variable).

I enabled unified hierarchy by passing "systemd.unified_cgroup_hierarchy"
kernel parameter and stat reports "cgroups2fs" yet the limit still doesn't
work – `cat /proc/$(pidof krusader)/status | grep VmRSS` reports "VmRSS:
225452 kB"

Piotr

Loading...