2009/8/23 Daniel Lezcano <daniel.lezcano@xxxxxxx> > Krzysztof Taraszka wrote: > >> 2009/8/23 Daniel Lezcano <daniel.lezcano@xxxxxxx> >> >> Krzysztof Taraszka wrote: >>> >>> Hello, >>>> >>>> I am running lxc on my debian unstable sandbox and I have a few question >>>> about memory managament inside linux containers based on lxc project. >>>> >>>> I have got linux kernel 2.6.30.5 with enabled : >>>> >>>> +Resource counter >>>> ++ Memory Resource Controller for Control Groups >>>> +++ Memory Resource Controller Swap Extension(EXPERIMENTAL) >>>> >>>> lxc-checkconfig pass all checks. >>>> >>>> I read about cgroups memory managament >>>> (Documentation/cgroups/memory.txt) >>>> and I tried to pass those value to my debian sandbox. >>>> >>>> And... >>>> 'free -m' and 'top/htop' still show all available memory inside >>>> container >>>> (also If I set 32M for lxc.cgroup.memory.limit_in_bytes and >>>> lxc.cgroup.memory.usage_in_bytes; and 64M for >>>> lxc.cgroup.memory.memsw.usage_in_bytes and >>>> lxc.cgroup.memory.memsw.limit_in_bytes free and top show all resources). >>>> >>>> What I did wrong? Does the container always show all available memory >>>> resources without cgroup limitations? >>>> >>>> At the first glance I would say the configuration is correct. >>> But AFAIR, the memory cgroup is not isolated, if you specify 32MB you >>> will >>> see all the memory available on the system either if you are not allowed >>> to >>> use more than 32MB. If you create a program which allocates 64MB within a >>> container configured with 32MB, and you "touch" the pages (may be that >>> can >>> be done with one mmap call with the MAP_POPULATE option), you should see >>> the >>> application swapping and the "memory.failcnt" increasing. >>> >>> IMHO, showing all the memory available for the system instead of showing >>> the allowed memory with the cgroup is weird but maybe there is a good >>> reason >>> to do that. >>> >>> >>> >> Thank you Daniel for your reply. >> I think that LXC should isolate memory available for containers like >> Vserver >> or FreeVPS do (memory + swap) if .cgroup.memory.* and >> lxc.cgroup.memory.memsw.* is set. >> Is there any possibility to make a patch for linux kernel / lxc-tools to >> show the limitations inside cointainers propertly? I think is a good idea >> and it should be apply as soon as possible. >> > > Maybe a solution can be to add a new memory.meminfo file in the same format > than /proc/meminfo, so it will be possible to mount --bind > /cgroup/foo/memory.meminfo to /proc/meminfo for the container. > Yes, I thought the same. This should allow the user-space tools based on /proc/meminfo (such as comand line "free") show limited information :) -- Krzysztof Taraszka _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
