Discussion:
Enforce limitations on portable services
(too old to reply)
Gervais, Francois
2018-10-03 22:06:35 UTC
Permalink
Hi,

I'd like to know if the system administrator that attaches the portable
service is able to enforce limits like cpu and memory usage over the service?

A bit like when specifying the profile.

Thank you
Jérémy Rosen
2018-10-04 06:57:23 UTC
Permalink
Once enabled, a portable service is a normal service.

You can enforce limits with all the usual tools, in particular drop-ins.

On 04/10/2018 00:06, Gervais, Francois wrote:
> Hi,
>
> I'd like to know if the system administrator that attaches the portable
> service is able to enforce limits like cpu and memory usage over the service?
>
> A bit like when specifying the profile.
>
> Thank you
> _______________________________________________
> systemd-devel mailing list
> systemd-***@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--
SMILE <http://www.smile.eu/>

20 rue des Jardins
92600 AsniÚres-sur-Seine


*Jérémy ROSEN*
Architecte technique
Responsable de l'expertise Smile-ECS

email ***@smile.fr <mailto:***@smile.fr>
phone +33141402967
url http://www.smile.eu

Twitter <https://twitter.com/GroupeSmile> Facebook
<https://www.facebook.com/smileopensource> LinkedIn
<https://www.linkedin.com/company/smile> Github
<https://github.com/Smile-SA>


Découvrez l’univers Smile, rendez-vous sur smile.eu
<http://smile.eu/?utm_source=signature&utm_medium=email&utm_campaign=signature>

eco Pour la planÚte, n'imprimez ce mail que si c'est nécessaire
Lennart Poettering
2018-10-04 11:38:10 UTC
Permalink
On Mi, 03.10.18 22:06, Gervais, Francois (***@distech-controls.com) wrote:

> Hi,
>
> I'd like to know if the system administrator that attaches the portable
> service is able to enforce limits like cpu and memory usage over the service?
>
> A bit like when specifying the profile.

You can change the limits after attaching them, as Jeremy explained,
like for any other service ("systemctl set-property foo.service MemoryMax=2G"…)

You can also define your own profile, and specify it when attaching a
service, if you like.

I mean, I named the profile concept just "profile" instead of
"security profile", precisely to allow and encourage use for other
purposes than just security restrictions, for example resource
management, even though security is the main application for it.

To add a new profile just place an appropriately named file in
/etc/systemd/portable/profile/. For inspiration see the ones installed
to /usr/lib/systemd/portable/profile/.

A profile in that dir should be a directory with the name of the
profile, and then for each unit type (i.e. for service, socket,
target, timer, …) one .conf file. In most cases it is probably
sufficient to just define a profile for the service unit type, hence
usually you just have
/etc/systemd/portable/profile/<name>/service.conf.

Lennart

--
Lennart Poettering, Red Hat
Gervais, Francois
2018-10-04 16:04:15 UTC
Permalink
The custom profile concept is exactly what I was looking for, thank you.
Continue reading on narkive:
Loading...