Your message dated Wed, 6 Jul 2022 15:05:02 +0200
with message-id <[email protected]>
and subject line Re: Bug#890824: Container: unsets cgroup memory limit on user
login
has caused the Debian Bug report #890824,
regarding Container: unsets cgroup memory limit on user login
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
890824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 232-25+deb9u1
Severity: important
Hi
I have an issue with Systemd unsetting the memory limit for my container,
whereupon programs like free and htop report having access to 8 exabyte
of memory.
The setup is the following:
Host:
Release: Debian jessie
Kernel: 4.9.65-3+deb9u2~bpo8+1 (jessie backports)
Container provider: libvirt 3.0.0-4~bpo8+1 (jessie backports)
Systemd: 215-17+deb8u7 (jessie)
cgroup hierarchy: legacy
Guest:
Release: Debian stretch
Systemd: 232-25+deb9u1 (stretch)
There are several containers running on the host, but this problem only
occurs with all the Debian stretch containers. Containers running Debian
jessie or older Ubuntu 12.04 aren't affected.
Each container is configured to cgroup enforced memory limit in it's
libvirt domain file.
Example:
<memory unit='KiB'>4194304</memory>
<memory unit='KiB'>2097152</memory>
Steps to reproduce + observations:
1) start a container with virsh -c lxc:// container.example.com
2) virsh -c lxc:// memtune container.example.com
reports a hard_limit of 2097152
3) cat
"/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
outputs 2147483648
4) nsenter -t <pid> -m -u -i -n -p free reports 2097152 kB
5) ssh container.example.com free reports 9007199254740991 kB
3) cat
"/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
outputs 9223372036854771712
6) nsenter -t <pid> -m -u -i -n -p free reports 9007199254740991 kB
7) virsh -c lxc:// memtune container.example.com
reports a hard_limit of unlimited
As far as I can tell it seems to be that systemd unsets the cgroup memory
limit when creating the user session. However why it gets set to
9223372036854771712 instead of the 255G of the host I don't know.
In any case I am looking forward to a better solution than resetting the
limits through cron every minute.
-- Package-specific info:
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-0.bpo.5-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii adduser 3.115
ii libacl1 2.2.52-3+b1
ii libapparmor1 2.11.0-3
ii libaudit1 1:2.6.7-2
ii libblkid1 2.29.2-1
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libcryptsetup4 2:1.7.3-4
ii libgcrypt20 1.7.6-2+deb9u2
ii libgpg-error0 1.26-2
ii libidn11 1.33-1
ii libip4tc0 1.6.0+snapshot20161117-6
ii libkmod2 23-2
ii liblz4-1 0.0~r131-2+b1
ii liblzma5 5.2.2-1.2+b1
ii libmount1 2.29.2-1
ii libpam0g 1.1.8-3.6
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.6-3+b3
ii libsystemd0 232-25+deb9u1
ii mount 2.29.2-1
ii procps 2:3.3.12-3
ii util-linux 2.29.2-1
Versions of packages systemd recommends:
ii dbus 1.10.24-0+deb9u1
ii libpam-systemd 232-25+deb9u1
Versions of packages systemd suggests:
pn policykit-1 <none>
pn systemd-container <none>
pn systemd-ui <none>
Versions of packages systemd is related to:
pn dracut <none>
pn initramfs-tools <none>
ii udev 232-25+deb9u1
-- no debconf information
--- End Message ---
--- Begin Message ---
Am 06.07.22 um 09:17 schrieb Maximilian Philipps:
hi,
I can't reproduce this anymore because we have migrated away from
libvirt-lxc. We are now using 'lxc', which appears appears to be more
reliable.
Ok, let's close this bug report then.
It's possible, that libvirt-lxc was doing things behind systemd's back
which triggered this issue.
Regards,
Michael
OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
