Resource management #29
Comments
Should be possible: https://www.scrivano.org/2019/02/26/resources-management-with-rootless-containers/
I can also create cgroups in systemd's cgroup2 hierarchy:
... but I'm not sure if systemd is going to like this, or whether I should use the dbus interface.
I looked some more into this, and after trying various schemes it seems like relying on systemd is the easiest (rootless) solution:
Also keeps the sandbox here simple, but it won't work with Docker which requires passing
Yeah, I'm okay with adding some
The problem with cgroup2 AFAIU is creating a cgroup where we can activate/set the resource controllers we need in an unprivileged manner. With the old JuliaRun PR, it assumed a pre-existing cgroup with such permissions, which would complicate the use of Sandbox.jl. Furthermore, when creating a process it gets put in the current process' cgroup, and migrating it to another cgroup requires write permissions to the common ancestor, which generally isn't the case either. We could use the new Once I realized I could use
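Added example, not part of the thread and not Sandbox.jl or PkgEval code: a check for the two cgroup2 preconditions discussed above, namely that the memory controller is available in the target cgroup and that the caller can write `cgroup.procs` in both the destination and the common ancestor of source and destination. The function names and the directory tree are constructed for illustration, and the permission test is simplified to owner and world write bits (groups and ACLs ignored).

```python
import os, stat, tempfile

def parse_self_cgroup(text):
    """Return the cgroup2 path from /proc/<pid>/cgroup content (the '0::' line)."""
    for line in text.splitlines():
        hid, controllers, path = line.split(":", 2)
        if hid == "0" and controllers == "":
            return path
    return None  # no unified-hierarchy entry: pure cgroup v1

def writable(path, uid):
    """Simplified check (assumption): owner or world write bit only."""
    st = os.stat(path)
    return bool((st.st_uid == uid and st.st_mode & stat.S_IWUSR)
                or st.st_mode & stat.S_IWOTH)

def has_controller(root, cg, name):
    """True if controller `name` is listed in the cgroup's cgroup.controllers."""
    with open(os.path.join(root, cg.strip("/"), "cgroup.controllers")) as f:
        return name in f.read().split()

def can_migrate(root, src, dst, uid):
    """Delegation rule: write access to cgroup.procs of dst AND of the
    common ancestor of src and dst."""
    anc = os.path.commonpath(["/" + src.strip("/"), "/" + dst.strip("/")])
    procs = lambda cg: os.path.join(root, cg.strip("/"), "cgroup.procs")
    return writable(procs(dst), uid) and writable(procs(anc), uid)

def build_sample_tree(root, delegated="user.slice/user@1000.service"):
    """Constructed stand-in for /sys/fs/cgroup: only `delegated` and its
    children have a writable cgroup.procs."""
    for cg, mode in [("", 0o444), ("user.slice", 0o444), (delegated, 0o644),
                     (delegated + "/app.slice", 0o644),
                     (delegated + "/sandbox", 0o644)]:
        d = os.path.join(root, cg)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "cgroup.controllers"), "w") as f:
            f.write("cpu memory pids\n")
        procs = os.path.join(d, "cgroup.procs")
        open(procs, "w").close()
        os.chmod(procs, mode)

if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    me, d = os.stat(root).st_uid, "/user.slice/user@1000.service"
    print("inside delegated subtree:", can_migrate(root, d + "/app.slice", d + "/sandbox", me))
    print("from a login session scope:", can_migrate(root, "/user.slice/session-2.scope", d + "/sandbox", me))
```

On a real host, pass `/sys/fs/cgroup` as `root` and the result of `parse_self_cgroup(open("/proc/self/cgroup").read())` as `src`.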
@maleadt Any updates here? What solution did you end up going with for PkgEval?
I had something that worked, JuliaCI/PkgEval.jl@d40e757, but reverted it because Julia (i.e. libuv) doesn't support cgroup2, libuv/libuv#2323, and thus ignores any constraints and quickly runs out of memory. That's unfortunate, since most Linux distros are moving towards cgroup2...
For PkgEval, it would be nice if we could restrict resource usage of sandboxes. I'm currently doing CPU resource restriction using `taskset`, but it looks like limiting memory pretty much requires cgroups. That doesn't fully work in unprivileged mode though, as we need root to create the memory cgroup, but joining the group seems possible without elevated permissions.