option.mem=2G line should match up to the cgroup 2G limitation. While allowing all programs out side the cgroup to use all the ram your system has installed. mmap patch is trying to control pointer allocation. Yes really nasty visualization method. If we really have to go that far we need to start looking at merging with KVM. They use cpu support to create an completely independent memory zone. Most likely less cost. Yes I hope we can find some other cause.
