Hi everyone, I am trying to limit user resources via systemd slices. While CPU limitations work fine, Memory limitations don't seem to work.
The server runs debian stretch with a 4.9.0-8-amd64 kernel and systemd 232. The config files are in /etc/systemd/system/user-$UID.slice.d/override.conf ($UID is the actual user id for each user). They look like this for every user: [Slice] MemoryHigh=250G MemoryMax=300G CPUQuota=3200% Here is the mount of the cgroup filesystems: cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) and here the /proc/cgroups file, as you can see, all cgroups are enabled. #subsys_name hierarchy num_cgroups enabled cpuset 3 2 1 cpu 9 117 1 cpuacct 9 117 1 blkio 2 117 1 memory 10 269 1 devices 8 117 1 freezer 7 63 1 net_cls 4 2 1 perf_event 5 2 1 net_prio 4 2 1 pids 6 212 1 Explicitly setting MemoryAccounting=true also doens't help, neither does swap space reduction. I always logged in and out after editing the slice files. I use the "stress" programm to test the limits and check the current CPU and RAM usage with top. CPU limits, as said above, are respected, but the RAM settings are ignored. Unfortunately I don't know what could have been misconfigured. The install is updated from debian Jessie, so there might be some config options that got carried over. On a virtualbox with a fresh debian going over limits defined in such a way resulted in a process kill, and so does it on my personal pc with a different Linux distro. I hope someone of you could give me a hint what I might have missed in the configuration. Best regards, Balthasar
