[lxc-devel] Memory Resources

Daniel Lezcano daniel.lezcano at free.fr
Sun Aug 23 11:00:18 PDT 2009


Krzysztof Taraszka wrote:
> 2009/8/23 Daniel Lezcano <daniel.lezcano at free.fr>
> 
>> Krzysztof Taraszka wrote:
>>
>>> Hello,
>>>
>>> I am running lxc on my debian unstable sandbox and I have a few question
>>> about memory managament inside linux containers based on lxc project.
>>>
>>> I have got linux kernel 2.6.30.5 with enabled :
>>>
>>> +Resource counter
>>> ++ Memory Resource Controller for Control Groups
>>>  +++ Memory Resource Controller Swap Extension(EXPERIMENTAL)
>>>
>>> lxc-checkconfig pass all checks.
>>>
>>> I read about cgroups memory managament (Documentation/cgroups/memory.txt)
>>> and I tried to pass those value to my debian sandbox.
>>>
>>> And...
>>> 'free -m' and 'top/htop' still show all available memory inside container
>>> (also If I set 32M for lxc.cgroup.memory.limit_in_bytes and
>>> lxc.cgroup.memory.usage_in_bytes; and 64M for
>>> lxc.cgroup.memory.memsw.usage_in_bytes and
>>> lxc.cgroup.memory.memsw.limit_in_bytes free and top show all resources).
>>>
>>> What I did wrong? Does the container always show all available memory
>>> resources  without cgroup limitations?
>>>
>> At the first glance I would say the configuration is correct.
>> But AFAIR, the memory cgroup is not isolated, if you specify 32MB you will
>> see all the memory available on the system either if you are not allowed to
>> use more than 32MB. If you create a program which allocates 64MB within a
>> container configured with 32MB, and you "touch" the pages (may be that can
>> be done with one mmap call with the MAP_POPULATE option), you should see the
>> application swapping and the "memory.failcnt" increasing.
>>
>> IMHO, showing all the memory available for the system instead of showing
>> the allowed memory with the cgroup is weird but maybe there is a good reason
>> to do that.
>>
>>
> 
> Thank you Daniel for your reply.
> I think that LXC should isolate memory available for containers like Vserver
> or FreeVPS do (memory + swap) if .cgroup.memory.* and
> lxc.cgroup.memory.memsw.* is set.
> Is there any possibility to make a patch for linux kernel / lxc-tools to
> show the limitations inside cointainers propertly? I think is a good idea
> and it should be apply as soon as possible.

Maybe a solution can be to add a new memory.meminfo file in the same 
format than /proc/meminfo, so it will be possible to mount --bind 
/cgroup/foo/memory.meminfo to /proc/meminfo for the container.


More information about the Containers mailing list