posted by sbergman27 on Mon 30th Mar 2009 14:14
Conversations Current Linux kernels do not honor the -m or -d options to ulimit, which are supposed to limit the rss and data segment sizes of processes. This leaves only the mostly useless -v option, which limits the mostly meaningless "virtual memory". Is there a real way to place limits upon a user's or process' memory consumption under current Linux kernels?
Previous ConversationNext Conversation
You guys
by fretinator on Tue 31st Mar 2009 14:30 UTC
Member since:

Linus, Alan, I know you're reading this. Please reply to the man, will you.

Reply Score: 2

RE: You guys
by sbergman27 on Tue 31st Mar 2009 18:43 in reply to "You guys"
sbergman27 Member since:

I doubt Linus reads OSNews. Alan might.

Actually, here is what I've done:

while true
LINE=`ps ax -o euser=,pid=,rss=,command= --sort -rss | grep -v "^root" | head -1l`
MEM=`echo $LINE | awk '{print $3}'`
PROC=`echo $LINE | awk '{print $2}'`
if [ $MEM -gt $RSS_LIMIT ]
echo "Killing with 15: $LINE"
kill -15 $PROC
sleep 5
echo "Killing with 9: $LINE"
kill -9 $PROC
echo "=========================="
echo "$LINE" | mail -s " kill notice"
sleep 5

This gives me an easy way of controlling things and monitoring when a process gets zapped. It is actually better than ulimit, which simply denied the request for memory and I never find out about it. My goal, here, is to limit all nonroot processes to < 384MB of RSS. If any process is using more, I want it zapped, and I want to know about it. I might need to up the limit later, but 384MB seems a good starting point.

The down side to this is processor usage. This machine runs 60 desktops in addition to some other stuff and it is not uncommon for it to top 4000 processes. Thus processor usage for my script runs about 5%. Considering that this is a dual processor Intel(R) Xeon(TM) CPU 3.20GHz, that's not too bad. It works out to 2.5% of overall processor, and maybe 2.2% if you take into account hyperthreading. I could increase the sleep duration, but I *do* want it to act quickly when it is needed.

However, it would still be *really* nice to have functional -v and -d limits in Linux!

Reply Score: 2

RE[2]: You guys
by Soulbender on Fri 3rd Apr 2009 23:50 in reply to "RE: You guys"
Soulbender Member since:

I think Monit might be able to do what you're looking for.

Reply Score: 2