[libvirt] [PATCH] Add ability to set rlimits at container boot

Ryan Cleere rcleere at gmail.com
Fri Jan 30 15:32:34 UTC 2015


I guess I don't really have an argument for or against removing some of
them from <rlimits>. The original patch that I wrote and we use internally
only allowed setting of RLIMIT_NOFILE, but when I went to publish it back
to this list it was trivial to just make it a generic interface to all of
the RLIMIT_* tunables. I don't have a need for them at this time, but I
figured someone else might find them useful. But if this list can come up
with a set we want included/excluded then the <rlimits> section can be
modified accordingly. Although it might be confusing to an operator who is
reading the setrlimit(2) manpage and can't understand why they can't set
the limit they are interested in.

Ryan

On Fri, Jan 30, 2015 at 9:02 AM, Daniel P. Berrange <berrange at redhat.com>
wrote:

> On Fri, Jan 30, 2015 at 08:53:20AM -0600, Ryan Cleere wrote:
> > ---
> >  docs/formatdomain.html.in     | 49 +++++++++++++++++++++++
> >  docs/schemas/domaincommon.rng | 89
> +++++++++++++++++++++++++++++++++++++++++
> >  src/conf/domain_conf.c        | 92
> +++++++++++++++++++++++++++++++++++++++++++
> >  src/conf/domain_conf.h        | 33 ++++++++++++++++
> >  src/libvirt_private.syms      |  1 +
> >  src/lxc/lxc_controller.c      | 32 +++++++++++++++
> >  src/util/virprocess.c         |  4 +-
> >  src/util/virprocess.h         |  2 +
> >  8 files changed, 300 insertions(+), 2 deletions(-)
> >
> > diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> > index f8d5f89..5aec51c 100644
> > --- a/docs/formatdomain.html.in
> > +++ b/docs/formatdomain.html.in
> > @@ -348,6 +348,55 @@
> >      </pre>
> >
> >
> > +    <p>
> > +      If you want to set an rlimit of the containter init process
> instead of
> > +      inheriting from the host init, set the <code>rlimits</code>
> element. You
> > +      are able to set any of the rlimits that setrlimits is able to set
> using
> > +      any of the following sub-elements:
> > +    </p>
> > +
> > +    <dl>
> > +      <dt><code>as</code></dt>
> > +      <dd>Used to set RLIMIT_AS.</dd>
> > +      <dt><code>core</code></dt>
> > +      <dd>Used to set RLIMIT_CORE.</dd>
> > +      <dt><code>cpu</code></dt>
> > +      <dd>Used to set RLIMIT_CPU.</dd>
> > +      <dt><code>data</code></dt>
> > +      <dd>Used to set RLIMIT_DATA.</dd>
> > +      <dt><code>fsize</code></dt>
> > +      <dd>Used to set RLIMIT_FSIZE.</dd>
> > +      <dt><code>locks</code></dt>
> > +      <dd>Used to set RLIMIT_LOCKS.</dd>
> > +      <dt><code>memlock</code></dt>
> > +      <dd>Used to set RLIMIT_MEMLOCK.</dd>
> > +      <dt><code>msgqueue</code></dt>
> > +      <dd>Used to set RLIMIT_MSGQUEUE.</dd>
> > +      <dt><code>nice</code></dt>
> > +      <dd>Used to set RLIMIT_NICE.</dd>
> > +      <dt><code>nofile</code></dt>
> > +      <dd>Used to set RLIMIT_NOFILE.</dd>
> > +      <dt><code>nproc</code></dt>
> > +      <dd>Used to set RLIMIT_NPROC.</dd>
> > +      <dt><code>rss</code></dt>
> > +      <dd>Used to set RLIMIT_RSS.</dd>
> > +      <dt><code>rtprio</code></dt>
> > +      <dd>Used to set RLIMIT_RTPRIO.</dd>
> > +      <dt><code>rttime</code></dt>
> > +      <dd>Used to set RLIMIT_RTTIME.</dd>
> > +      <dt><code>sigpending</code></dt>
> > +      <dd>Used to set RLIMIT_SIGPENDING.</dd>
> > +      <dt><code>stack</code></dt>
> > +      <dd>Used to set RLIMIT_STACK.</dd>
> > +    </dl>
> > +
> > +    <pre>
> > +  <rlimits>
> > +    <nofile>10240</nofile>
> > +  </rlimits>
> > +    </pre>
> > +
> > +
> >      <h3><a name="elementsSysinfo">SMBIOS System Information</a></h3>
> >
> >      <p>
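
Review bot: The new paragraph in docs/formatdomain.html.in misspells "containter" and refers to "setrlimits" where the call is setrlimit(2), and the sample inside <pre> uses literal <rlimits> and <nofile> tags, which need to be written with &lt; and &gt; to render in HTML. The text should also say whether a value sets the soft limit, the hard limit or both, and which unit each sub-element takes, since the <dl> entries only repeat the RLIMIT_* name.
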
> > diff --git a/docs/schemas/domaincommon.rng
> b/docs/schemas/domaincommon.rng
> > index d467dce..b98f8d5 100644
> > --- a/docs/schemas/domaincommon.rng
> > +++ b/docs/schemas/domaincommon.rng
> > @@ -59,6 +59,9 @@
> >            <ref name="idmap"/>
> >          </optional>
> >          <optional>
> > +          <ref name="rlimits"/>
> > +        </optional>
> > +        <optional>
> >            <ref name="devices"/>
> >          </optional>
> >          <zeroOrMore>
> > @@ -570,6 +573,92 @@
> >        </interleave>
> >      </element>
> >    </define>
> > +  <define name="rlimits">
> > +    <element name="rlimits">
> > +      <interleave>
> > +        <optional>
> > +          <element name="cpu">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="fsize">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="data">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="stack">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="core">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="rss">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="nproc">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="nofile">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="memlock">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="as">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="locks">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="sigpending">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="msgqueue">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="nice">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="rtprio">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +        <optional>
> > +          <element name="rttime">
> > +            <ref name='scaledInteger'/>
> > +          </element>
> > +        </optional>
> > +      </interleave>
> > +    </element>
> > +  </define>
> >    <!--
> >        Resources usage defines the amount of memory (maximum and possibly
> >        current usage) and number of virtual CPUs used by that domain.
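
Review bot: Every element in the new "rlimits" define holds a single scaledInteger, so the schema cannot give soft and hard limits separately and has no way to express an unlimited value. A scaled type, going by its name, also fits poorly for limits that are counts or priorities rather than sizes (nofile, nproc, locks, sigpending, nice, rtprio); consider a plain unsigned integer for those and keep scaledInteger for the size-based ones such as as, data, stack and memlock.
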
> > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> > index d562e1a..399976e 100644
> > --- a/src/conf/domain_conf.c
> > +++ b/src/conf/domain_conf.c
> > @@ -772,6 +772,24 @@ VIR_ENUM_IMPL(virDomainLoader,
> >                "rom",
> >                "pflash")
> >
> > +VIR_ENUM_IMPL(virDomainRLimit, VIR_DOMAIN_RLIMIT_LAST,
> > +              "cpu",
> > +              "fsize",
> > +              "data",
> > +              "stack",
> > +              "core",
> > +              "rss",
> > +              "nproc",
> > +              "nofile",
> > +              "memlock",
> > +              "as",
> > +              "locks",
> > +              "sigpending",
> > +              "msgqueue",
> > +              "nice",
> > +              "rtprio",
> > +              "rttime")
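
Review bot: The string order in VIR_ENUM_IMPL(virDomainRLimit, ...) has to match the enum added in src/conf/domain_conf.h entry for entry, and nothing in this hunk ties either one to the platform's RLIMIT_* constants. If the controller passes the enum index straight to setrlimit(), that only works where RLIMIT_CPU is 0, RLIMIT_FSIZE is 1 and so on in exactly this order, which is not the case on every architecture; an explicit table from VIR_DOMAIN_RLIMIT_* to RLIMIT_* would make the mapping safe.
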
>
> I'm really not a huge fan of this passthrough of arbitrary rlimits
> in the XML like this. Not least because a number of these limits are
> actually scheduler tunables and so would logically belong under the
> existing <cputune> XML element.
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org              -o-             http://virt-manager.org
> :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/
> :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc
> :|
>