On 04/23/2014 03:49 PM, Dwight Engen wrote: > On Wed, 23 Apr 2014 09:07:28 +0300 > Marian Marinov <mm@xxxxxxxx> wrote: > >> On 04/22/2014 11:05 PM, Richard Davies wrote: >>> Dwight Engen wrote: >>>> Richard Davies wrote: >>>>> Vladimir Davydov wrote: >>>>>> In short, kmem limiting for memory cgroups is currently broken. >>>>>> Do not use it. We are working on making it usable though. >>> ... >>>>> What is the best mechanism available today, until kmem limits >>>>> mature? >>>>> >>>>> RLIMIT_NPROC exists but is per-user, not per-container. >>>>> >>>>> Perhaps there is an up-to-date task counter patchset or similar? >>>> >>>> I updated Frederic's task counter patches and included Max >>>> Kellermann's fork limiter here: >>>> >>>> http://thread.gmane.org/gmane.linux.kernel.containers/27212 >>>> >>>> I can send you a more recent patchset (against 3.13.10) if you >>>> would find it useful. >>> >>> Yes please, I would be interested in that. Ideally even against >>> 3.14.1 if you have that too. >> >> Dwight, do you have these patches in any public repo? >> >> I would like to test them also. > > Hi Marian, I put the patches against 3.13.11 and 3.14.1 up at: > > git://github.com/dwengen/linux.git cpuacct-task-limit-3.13 > git://github.com/dwengen/linux.git cpuacct-task-limit-3.14 I did a backport of the patches to 3.12.16 and forward ported them to 3.12.20. I'm very happy with how they work. I used the patches on machines with 10-20k processes and it worked perfectly when some of the containers spawned 100s of processes. It really saved us when one of the containers was attacked :) The only thing that I'm going to add is on the fly change of the limit. Marian > >> Marian >> >>> >>> Thanks, >>> >>> Richard. >>> -- >>> To unsubscribe from this list: send the line "unsubscribe cgroups" >>> in the body of a message to majordomo@xxxxxxxxxxxxxxx >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> >>> >> > > -- > To unsubscribe from this list: send the line "unsubscribe cgroups" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > >
Attachment:
signature.asc
Description: OpenPGP digital signature