changing the order of setting memory limit_in_bytes

[aswinashok44]

updated cg.c to set memory.memsw.limit_in_bytes before setting memory.limit_in_bytes, since value already present in memory.memsw.limit_in_bytes was preventing setting memory.limit_in_bytes to anything more than memory.memsw.limit_in_bytes.

[aswinashok44]

@gollux gentle ping, can you please take a look 👀

[gollux]

Do you have any theory on why it happens? It does not make sense since the limits are set to the same value.

[aswinashok44]

@gollux Yes, so if we run a program within in the sandbox with --cg-mem=512000 and we use the same sandbox to run another program with --cg-mem=1024000 it fails to update the limit because memory.memsw.limit_in_bytes is set to 512000 from previous run which prevents setting memory.limit_in_bytes to a higher value. Since memory.memsw.limit_in_bytes is limit of memory and swap where as memory.limit_in_bytes is just the memory limit, I guess it has to be less than memory.memsw.limit_in_bytes.

[gollux]

Ah, I did not expect that you are using isolate --run multiple times in the same sandbox. This was always at the edge between supported and unsupported operation :) The manual page describes only the workflow with a single --run, but it also does not explicitly forbid using it multiple times. Your case shows that people already started depending on it, so we should probably acknowledge that it works in the docs. I do not see any real problems with that except for a couple of minor issues like this one, which will be hopefully ironed out soon.

BTW, there is an experimental version of Isolate in the cg2 branch, which works with cgroup v2 and cooperates with systemd, if you want to give it a try.

[aswinashok44]

Thanks for merging the PR :) Will play around with the cg2 version and let you know if I find something.