Bug#890824: Container: unsets cgroup memory limit on user login

Michael Biebl biebl at debian.org
Mon Feb 19 12:50:46 GMT 2018


On 19.02.2018 at 13:09, Maximilian Philipps wrote:
> Package: systemd
> Version: 232-25+deb9u1
> Severity: important
> 
> Hi
> 
> I have an issue with Systemd unsetting the memory limit for my container,
> whereupon programs like free and htop report having access to 8 exabyte
> of memory.
> 
> The setup is the following:
> 
> Host:
> Release: Debian jessie
> Kernel: 4.9.65-3+deb9u2~bpo8+1 (jessie backports)
> Container provider: libvirt 3.0.0-4~bpo8+1 (jessie backports)
> Systemd: 215-17+deb8u7 (jessie)
> cgroup hierarchy: legacy
> 
> Guest:
> Release: Debian stretch
> Systemd: 232-25+deb9u1 (stretch)
> 
> There are several containers running on the host, but this problem only
> occurs with all the Debian stretch containers. Containers running Debian
> jessie or older Ubuntu 12.04 aren't affected.
> Each container is configured with a cgroup enforced memory limit in its
> libvirt domain file.
> Example:
> <memory unit='KiB'>4194304</memory>
> <memory unit='KiB'>2097152</memory>
> 
> Steps to reproduce + observations:
> 1) start a container with virsh -c lxc:// container.example.com
> 2) virsh -c lxc:// memtune container.example.com
>    reports a hard_limit of 2097152
> 3) cat "/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
>    outputs 2147483648
> 4) nsenter -t <pid> -m -u -i -n -p free  reports 2097152 kB
> 5) ssh container.example.com free  reports 9007199254740991 kB
> 3) cat "/sys/fs/cgroup/memory/machine.slice/machine-<container-name>.scope/memory.limit_in_bytes"
>    outputs 9223372036854771712
> 6) nsenter -t <pid> -m -u -i -n -p free  reports 9007199254740991 kB
> 7) virsh -c lxc:// memtune container.example.com
>    reports a hard_limit of unlimited
> 
> As far as I can tell it seems to be that systemd unsets the cgroup memory
> limit when creating the user session. However why it gets set to
> 9223372036854771712 instead of the 255G of the host I don't know.

I'm confused: Are you saying that systemd inside the guest (i.e. running
systemd v232) resets the memory limits on the host (running v215)?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
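
Added example, not part of either message and not systemd or libvirt code: on a 64-bit kernel the cgroup v1 memory controller reports "no limit" as LONG_MAX rounded down to a page boundary, which with 4 KiB pages (an assumption here) is exactly the 9223372036854771712 quoted in the report. The Python sketch below audits machine.slice scopes for that sentinel against the hard_limit each container was configured with; the scope names, the expected-limit map and the helper names are constructed for illustration.

```python
import os
import tempfile

PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86-64 default)
# cgroup v1 reports "no limit" as LONG_MAX rounded down to a page boundary.
UNLIMITED = (2**63 - 1) // PAGE_SIZE * PAGE_SIZE  # 9223372036854771712


def classify(limit_bytes, expected_kib):
    """Compare a memory.limit_in_bytes value with the configured hard_limit (KiB)."""
    if limit_bytes >= UNLIMITED:
        return "unlimited"
    if limit_bytes != expected_kib * 1024:
        return "mismatch"
    return "ok"


def audit(memory_root, expected_kib_by_scope):
    """Return {scope: (status, limit_bytes)} for each expected scope under machine.slice."""
    results = {}
    for scope, expected_kib in sorted(expected_kib_by_scope.items()):
        path = os.path.join(memory_root, "machine.slice", scope, "memory.limit_in_bytes")
        try:
            with open(path) as fh:
                limit = int(fh.read().strip())
        except (OSError, ValueError):
            # Scope missing or file not parseable: report it, do not guess a value.
            results[scope] = ("unreadable", None)
            continue
        results[scope] = (classify(limit, expected_kib), limit)
    return results


def build_constructed_tree(root, limits):
    """Create a fake cgroup tree (constructed sample data, not real output)."""
    for scope, value in limits.items():
        scope_dir = os.path.join(root, "machine.slice", scope)
        os.makedirs(scope_dir)
        with open(os.path.join(scope_dir, "memory.limit_in_bytes"), "w") as fh:
            fh.write(f"{value}\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed scope names; the two byte values are the ones quoted in the report.
        build_constructed_tree(root, {"machine-demo1.scope": 2147483648,
                                      "machine-demo2.scope": 9223372036854771712})
        expected = {name: 2097152 for name in
                    ("machine-demo1.scope", "machine-demo2.scope", "machine-demo3.scope")}
        for scope, (status, limit) in audit(root, expected).items():
            print(f"{scope}: {status} ({limit})")
```

On a host with the legacy hierarchy described in the report, memory_root would be /sys/fs/cgroup/memory and the expected values would come from each domain's configured hard_limit.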
