What is the best way to set cgroup limits for user processes? I mean the individual processes. I know that you can set limits for user.slice, but how to set limits for, let's say, firefox?

I tried to make a service file for firefox, it looks like this:

[Unit]
Description=Firefox Web Browser
Documentation=https://www.mozilla.org/
After=graphical.target
Before=shutdown.target

[Service]
Environment="DISPLAY=:0"
User=morfik
Type=simple
ExecStart=/opt/firefox/firefox -new-instance -ProfileManager
Restart=no
RemainAfterExit=no
Nice=5
IOSchedulingClass=best-effort
IOSchedulingPriority=3
OOMScoreAdjust=500
CPUShares=512
MemoryLimit=300M
BlockIOWeight=256

The parameters are just for testing purposes, and of course the unit is a system unit. I tested it with:

morfik:~$ systemctl start firefox.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: morfik
Password:
==== AUTHENTICATION COMPLETE ===

and the service starts. The "nice" parameters are set, so are the cgroups:

morfik:~$ systemctl status firefox
● firefox.service - Firefox Web Browser
   Loaded: loaded (/etc/systemd/system/firefox.service; static; vendor preset: enabled)
   Active: active (running) since Wed 2015-02-18 12:11:49 CET; 1min 46s ago
     Docs: https://www.mozilla.org/
 Main PID: 60773 (firefox)
   Memory: 259.2M (limit: 300.0M)
   CGroup: /system.slice/firefox.service
           └─60773 /opt/firefox/firefox -new-instance -ProfileManager

I didn't really like the way I started firefox, so I tried to move the service from the system to the user dir. I also changed the unit file a little bit -- the user and env lines were removed.

After the change, I started the service in order to test whether it works or not:

morfik:~$ systemctl --user daemon-reload
morfik:~$ systemctl --user start firefox.service
morfik:~$ systemctl --user status firefox.service
● firefox.service - Firefox Web Browser
   Loaded: loaded (/etc/systemd/user/firefox.service; static; vendor preset: enabled)
   Active: active (running) since Wed 2015-02-18 12:20:56 CET; 19s ago
     Docs: https://www.mozilla.org/
 Main PID: 64082 (firefox)
   CGroup: /user.slice/user-1000.slice/user@1000.service/firefox.service
           └─64082 /opt/firefox/firefox -new-instance -ProfileManager

It works, but as you can see, there are no cgroup limits. The "nice" parameters are set correctly, but it looks like the cgroup ones are ignored for some reason.

Here are some additional commands:

# cat /proc/`pidof firefox`/cgroup
9:blkio:/
8:cpuset:/
7:freezer:/
6:cpu,cpuacct:/
5:perf_event:/
4:devices:/user.slice
3:memory:/
2:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/firefox.service

root:~# systemd-cgls
├─1 /sbin/init splash
├─system.slice
│ ├─dbus.service
│ │ └─1529 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
...
└─user.slice
  ├─user-1000.slice
  │ ├─session-1.scope
  │ │ ├─ 2027 lightdm --session-child 12 19
...
  │ └─user@1000.service
  │   ├─2031 /lib/systemd/systemd --user
  │   ├─2032 (sd-pam)
  │   └─firefox.service
  │     └─64082 /opt/firefox/firefox -new-instance -ProfileManager
  └─user-108.slice
    ├─session-c1.scope
    │ ├─2013 /usr/bin/dbus-launch --autolaunch 159815709bbc46c29ef786cfc497afd4 --binary-syntax --close-stderr
    │ ├─2014 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
    │ ├─2016 /usr/lib/at-spi2-core/at-spi-bus-launcher
    │ ├─2020 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
    │ └─2023 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
    └─user@108.service
      ├─1992 /lib/systemd/systemd --user
      └─1993 (sd-pam)

root:~# ls -al /sys/fs/cgroup/systemd/user.slice/user-1000.slice/user@1000.service/firefox.service/
total 0
drwxr-xr-x  2 morfik morfik 0 2015-02-18 12:20:56 ./
drwxr-xr-x 24 morfik morfik 0 2015-02-18 12:20:56 ../
-rw-r--r--  1 morfik morfik 0 2015-02-18 12:20:56 cgroup.clone_children
-rw-r--r--  1 morfik morfik 0 2015-02-18 12:20:56 cgroup.procs
-rw-r--r--  1 morfik morfik 0 2015-02-18 12:20:56 notify_on_release
-rw-r--r--  1 morfik morfik 0 2015-02-18 12:20:56 tasks

BTW, one more thing. Is there a way to set a mark for network packets using unit services? I really need this feature, but I couldn't find any useful information on this subject.
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
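
Added example, not part of the original message: a small check that reads a cgroup v1 `/proc/<pid>/cgroup` listing, like the one quoted in the message, and reports which resource controllers leave the process in the root group, where no per-unit limit applies. The function names and the temporary file are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample: the cgroup v1 listing quoted in the message above
# (/proc/<pid>/cgroup of firefox started from the user unit).
sample_user_unit() {
cat <<'EOF'
9:blkio:/
8:cpuset:/
7:freezer:/
6:cpu,cpuacct:/
5:perf_event:/
4:devices:/user.slice
3:memory:/
2:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/firefox.service
EOF
}

# cgroup_path CONTROLLER < listing
# Prints the cgroup path the process occupies in CONTROLLER's hierarchy.
# Line format: hierarchy-ID:controller[,controller...]:path
cgroup_path() {
    awk -F: -v want="$1" '{
        n = split($2, ctl, ",")
        for (i = 1; i <= n; i++) if (ctl[i] == want) {
            path = $3
            for (j = 4; j <= NF; j++) path = path ":" $j   # path may contain ":"
            print path; exit
        }
    }'
}

# unconfined_controllers LISTING_FILE CONTROLLER...
# Prints each named controller whose path is "/" (process sits in the root
# group of that hierarchy, so no per-unit limit applies) or that is absent.
unconfined_controllers() {
    f=$1; shift
    for c in "$@"; do
        p=$(cgroup_path "$c" < "$f")
        if [ -z "$p" ] || [ "$p" = "/" ]; then echo "$c"; fi
    done
}

# Demo on the embedded sample: the controllers behind MemoryLimit, CPUShares
# and BlockIOWeight are all reported, matching what the message observes.
demo=$(mktemp)
sample_user_unit > "$demo"
unconfined_controllers "$demo" memory cpu blkio
rm -f "$demo"
```

To check a live process, pass its `/proc/<pid>/cgroup` as the listing file. On a cgroup v2 host that file holds a single `0::/path` line, so this v1 check does not apply there.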