[libvirt] [PATCH] Add ability to set rlimits at container boot
Daniel P. Berrange
berrange at redhat.com
Fri Jan 30 15:02:38 UTC 2015
On Fri, Jan 30, 2015 at 08:53:20AM -0600, Ryan Cleere wrote:
> ---
> docs/formatdomain.html.in | 49 +++++++++++++++++++++++
> docs/schemas/domaincommon.rng | 89 +++++++++++++++++++++++++++++++++++++++++
> src/conf/domain_conf.c | 92 +++++++++++++++++++++++++++++++++++++++++++
> src/conf/domain_conf.h | 33 ++++++++++++++++
> src/libvirt_private.syms | 1 +
> src/lxc/lxc_controller.c | 32 +++++++++++++++
> src/util/virprocess.c | 4 +-
> src/util/virprocess.h | 2 +
> 8 files changed, 300 insertions(+), 2 deletions(-)
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index f8d5f89..5aec51c 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -348,6 +348,55 @@
> </pre>
>
>
> + <p>
> + If you want to set an rlimit of the containter init process instead of
> + inheriting from the host init, set the <code>rlimits</code> element. You
> + are able to set any of the rlimits that setrlimits is able to set using
> + any of the following sub-elements:
> + </p>
> +
> + <dl>
> + <dt><code>as</code></dt>
> + <dd>Used to set RLIMIT_AS.</dd>
> + <dt><code>core</code></dt>
> + <dd>Used to set RLIMIT_CORE.</dd>
> + <dt><code>cpu</code></dt>
> + <dd>Used to set RLIMIT_CPU.</dd>
> + <dt><code>data</code></dt>
> + <dd>Used to set RLIMIT_DATA.</dd>
> + <dt><code>fsize</code></dt>
> + <dd>Used to set RLIMIT_FSIZE.</dd>
> + <dt><code>locks</code></dt>
> + <dd>Used to set RLIMIT_LOCKS.</dd>
> + <dt><code>memlock</code></dt>
> + <dd>Used to set RLIMIT_MEMLOCK.</dd>
> + <dt><code>msgqueue</code></dt>
> + <dd>Used to set RLIMIT_MSGQUEUE.</dd>
> + <dt><code>nice</code></dt>
> + <dd>Used to set RLIMIT_NICE.</dd>
> + <dt><code>nofile</code></dt>
> + <dd>Used to set RLIMIT_NOFILE.</dd>
> + <dt><code>nproc</code></dt>
> + <dd>Used to set RLIMIT_NPROC.</dd>
> + <dt><code>rss</code></dt>
> + <dd>Used to set RLIMIT_RSS.</dd>
> + <dt><code>rtprio</code></dt>
> + <dd>Used to set RLIMIT_RTPRIO.</dd>
> + <dt><code>rttime</code></dt>
> + <dd>Used to set RLIMIT_RTTIME.</dd>
> + <dt><code>sigpending</code></dt>
> + <dd>Used to set RLIMIT_SIGPENDING.</dd>
> + <dt><code>stack</code></dt>
> + <dd>Used to set RLIMIT_STACK.</dd>
> + </dl>
> +
> + <pre>
> + <rlimits>
> + <nofile>10240</nofile>
> + </rlimits>
> + </pre>
> +
> +
> <h3><a name="elementsSysinfo">SMBIOS System Information</a></h3>
>
> <p>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index d467dce..b98f8d5 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -59,6 +59,9 @@
> <ref name="idmap"/>
> </optional>
> <optional>
> + <ref name="rlimits"/>
> + </optional>
> + <optional>
> <ref name="devices"/>
> </optional>
> <zeroOrMore>
> @@ -570,6 +573,92 @@
> </interleave>
> </element>
> </define>
> + <define name="rlimits">
> + <element name="rlimits">
> + <interleave>
> + <optional>
> + <element name="cpu">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="fsize">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="data">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="stack">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="core">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="rss">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="nproc">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="nofile">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="memlock">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="as">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="locks">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="sigpending">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="msgqueue">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="nice">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="rtprio">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + <optional>
> + <element name="rttime">
> + <ref name='scaledInteger'/>
> + </element>
> + </optional>
> + </interleave>
> + </element>
> + </define>
> <!--
> Resources usage defines the amount of memory (maximum and possibly
> current usage) and number of virtual CPUs used by that domain.
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index d562e1a..399976e 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -772,6 +772,24 @@ VIR_ENUM_IMPL(virDomainLoader,
> "rom",
> "pflash")
>
> +VIR_ENUM_IMPL(virDomainRLimit, VIR_DOMAIN_RLIMIT_LAST,
> + "cpu",
> + "fsize",
> + "data",
> + "stack",
> + "core",
> + "rss",
> + "nproc",
> + "nofile",
> + "memlock",
> + "as",
> + "locks",
> + "sigpending",
> + "msgqueue",
> + "nice",
> + "rtprio",
> + "rttime")
I'm really not a huge fan of this passthrough of arbitrary rlimits
in the XML like this. Not least because a number of these limits are
actually schedular tunables and so would logically belong under the
existing <cputune> XML element.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list