On 02/19/2018 01:50 PM, Michael Biebl wrote:
Am 19.02.2018 um 13:09 schrieb Maximilian Philipps:
Package: systemd
Version: 232-25+deb9u1
Severity: important
Hi
I have an issue with Systemd unsetting the memory limit for my container,
whereupon programs like free and htop report having access to 8 exabyte
of memory.
The setup is the following:
Host:
Release: Debian jessie
Kernel: 4.9.65-3+deb9u2~bpo8+1 (jessie backports)
Container provider: libvirt 3.0.0-4~bpo8+1 (jessie backports)
Systemd: 215-17+deb8u7 (jessie)
cgroup hierarchy: legacy
Guest:
Release: Debian stretch
Systemd: 232-25+deb9u1 (stretch)
There are several containers running on the host, but this problem only
occurs with all the Debian stretch containers. Containers running Debian
jessie or older Ubuntu 12.04 aren't affected.
Each container is configured to cgroup enforced memory limit in it's
libvirt domain file.
Example:
<memory unit='KiB'>4194304</memory>
<memory unit='KiB'>2097152</memory>
Steps to reproduce + observations:
1) start a container with virsh -c lxc:// container.example.com
2) virsh -c lxc:// memtune container.example.com
reports a hard_limit of 2097152
3) cat
"/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
outputs 2147483648
4) nsenter -t <pid> -m -u -i -n -p free reports 2097152 kB
5) ssh container.example.com free reports 9007199254740991 kB
3) cat
"/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
outputs 9223372036854771712
6) nsenter -t <pid> -m -u -i -n -p free reports 9007199254740991 kB
7) virsh -c lxc:// memtune container.example.com
reports a hard_limit of unlimited
As far as I can tell it seems to be that systemd unsets the cgroup memory
limit when creating the user session. However why it gets set to
9223372036854771712 instead of the 255G of the host I don't know.
I'm confused: Are you saying that systemd inside the guest (i.e. running
systemd v232) resets the memory limits on the host (running v215)?
No, the hosts still sees the 255GB. The systemd in the guest resets
the limits for the container when someone logs in.
In terms of the cgroup hierarchy /sys/fs/cgroup/memory/memory.limit_in_bytes
is always 9223372036854771712, which appears to be treated as no
restrictions on the host.
However the memory.limit_in_bytes within the machine scope does change.
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
