[lxc-users] processes escaped from memory cgroup in container, but CPU group is OK
Michael R. Hines
mrhines at linux.vnet.ibm.com
Fri Nov 21 07:45:47 UTC 2014
Hi All,
I am using LXC 1.0.5, and I have container running Redhat 7.0 on a
Power7 processor. My host kernel version is 3.10.42.
The cgroup for this container located at /cgroup/cpu works very well - I
can manually echo
different shares and control resource usage as expected.
But, to my surprise, I set the "memory.limit_in_bytes" option of the
container in /cgroup/memory/lxc/../container/memory.limit
to a low number (like 2G in bytes), and the container was still able to
consume all the memory in the system.
So, digging deeper I printed the output of "cgroup.procs" and found that
*only* systemd inside the container
was properly joined into the group, whereas all the other child
processes of the container were missing.
As a further test, I repeated the same procedure with a Ubuntu 14 guest
(which does not appear to use systemd),
and the cgroup memory limit worked as expected - all the child processes
were correctly added to "cgroup.procs"
without any problems. When I try to set memory.limit_in_bytes, the
control works very well.
So, what gives? Any ideas?
- Michael
More information about the lxc-users
mailing list