I have a standard Linux (Debian testing) laptop, with a swap partition.
I do a lot of experiments with it. Some of them are really memory hungry and the way Linux behaves by default is an issue for me... Let's give a stupid example:
- Sit in front of the laptop
- Open a terminal
- Type
python
, thena = [0]*100000000
Now chances are high that you won't have enough RAM to handle that big list. Linux will fill the RAM, then the swap and, a couple of minutes later, the OOM killer will be triggered off and kill (almost) random services and hopefully, if you hit Ctrl+C at the good time, python
, and if the terminal still had focus, the computer will become responsive again.
I'd like to enforce some memory limits to avoid that unwanted swapping and to refuse to a process the right to allocate more memory than I have (in RAM). If the memory demand is below a certain limit or asked by root, then just kill the most memory hungry process of any user except root.
ulimit -Sv [mem]
I hear in the back!
Ho Ho! "Use cgroups
via cgexec
!" someone says at the first row!
Yes, you are right: these are indeed very good solutions. But:
- They do not apply system-wide
- The limits are set per-process
- The limits are static, disregarding the real amount a free RAM (AFAIK)
- Here and there, they say these are not really a good solution to enforce hard limits.
What I'd like is that the kernel say: "You belongs to user foo (not root), you use a lot of memory and we're gonna run out of memory. Sorry dude... die now!"
Or: "What the hell are you doing? You need x MB and there is only y MB available. Yes, SWAP is empty, but you don't intend to use the SWAP to do your dirty work, do you? No, I said no! No memory for you! If you insist, you're gonna die!"
/proc/sys/vm/overcommit_memory
affects the kernel behaviour on low memory. – jofel Feb 12 '13 at 13:00overcommit_memory
special file uses RAM+SWAP as usable memory. I'm still gonna swap :) – Feb 12 '13 at 13:03ulimits
are a bad idea as shown almost everywhere since it is a per process limitation... I fork you know :) Aboutcgroups
, this is definitely better but lacks something more general: I'm talking about my laptop but I also own a "calculation" server that we are three to share. If I enforce such per user limits, I'll be limited by the worst case scenario, won't I? – Feb 12 '13 at 13:19ulimit
is for the user.cgroup
is for the process and decendants. – vonbrand Feb 12 '13 at 18:11