2009/8/23 Daniel Lezcano <daniel.lezcano@xxxxxxx> > Krzysztof Taraszka wrote: > >> Hello, >> >> I am running lxc on my debian unstable sandbox and I have a few question >> about memory managament inside linux containers based on lxc project. >> >> I have got linux kernel 2.6.30.5 with enabled : >> >> +Resource counter >> ++ Memory Resource Controller for Control Groups >> +++ Memory Resource Controller Swap Extension(EXPERIMENTAL) >> >> lxc-checkconfig pass all checks. >> >> I read about cgroups memory managament (Documentation/cgroups/memory.txt) >> and I tried to pass those value to my debian sandbox. >> >> And... >> 'free -m' and 'top/htop' still show all available memory inside container >> (also If I set 32M for lxc.cgroup.memory.limit_in_bytes and >> lxc.cgroup.memory.usage_in_bytes; and 64M for >> lxc.cgroup.memory.memsw.usage_in_bytes and >> lxc.cgroup.memory.memsw.limit_in_bytes free and top show all resources). >> >> What I did wrong? Does the container always show all available memory >> resources without cgroup limitations? >> > > At the first glance I would say the configuration is correct. > But AFAIR, the memory cgroup is not isolated, if you specify 32MB you will > see all the memory available on the system either if you are not allowed to > use more than 32MB. If you create a program which allocates 64MB within a > container configured with 32MB, and you "touch" the pages (may be that can > be done with one mmap call with the MAP_POPULATE option), you should see the > application swapping and the "memory.failcnt" increasing. > > IMHO, showing all the memory available for the system instead of showing > the allowed memory with the cgroup is weird but maybe there is a good reason > to do that. > > Thank you Daniel for your reply. I think that LXC should isolate memory available for containers like Vserver or FreeVPS do (memory + swap) if .cgroup.memory.* and lxc.cgroup.memory.memsw.* is set. Is there any possibility to make a patch for linux kernel / lxc-tools to show the limitations inside cointainers propertly? I think is a good idea and it should be apply as soon as possible. -- Krzysztof Taraszka _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
