Closed aswinashok44 closed 2 years ago
@gollux gentle ping, can you please take a look 👀
Do you have any theory on why it happens? It does not make sense since the limits are set to the same value.
@gollux
Yes, so if we run a program within in the sandbox with --cg-mem=512000
and we use the same sandbox to run another program with --cg-mem=1024000
it fails to update the limit because memory.memsw.limit_in_bytes
is set to 512000
from previous run which prevents setting memory.limit_in_bytes
to a higher value.
Since memory.memsw.limit_in_bytes
is limit of memory and swap where as memory.limit_in_bytes
is just the memory limit, I guess it has to be less than memory.memsw.limit_in_bytes
.
Ah, I did not expect that you are using isolate --run
multiple times in the same sandbox. This was always at the edge between supported and unsupported operation :) The manual page describes only the workflow with a single --run
, but it also does not explicitly forbid using it multiple times. Your case shows that people already started depending on it, so we should probably acknowledge that it works in the docs. I do not see any real problems with that except for a couple of minor issues like this one, which will be hopefully ironed out soon.
BTW, there is an experimental version of Isolate in the cg2
branch, which works with cgroup v2 and cooperates with systemd, if you want to give it a try.
Thanks for merging the PR :)
Will play around with the cg2
version and let you know if I find something.
updated
cg.c
to setmemory.memsw.limit_in_bytes
before settingmemory.limit_in_bytes
, since value already present inmemory.memsw.limit_in_bytes
was preventing settingmemory.limit_in_bytes
to anything more thanmemory.memsw.limit_in_bytes
.