search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.77k stars 565 forks source link

cpulimit limits #4354

Open rusty-snake opened 3 years ago

rusty-snake commented 3 years ago

Currently we have --cpu to limit cores and --rlimit-cpu to limit the total time.

Cpulimit is a tool which limits the CPU usage of a process (expressed in percentage, not in CPU time).

IMO this would be a good addition.

The project seems to be dead (last commit 17 Jun 2015) but it is packaged in the most distros as I see it. IDC if you call cpulimit (which need it installed), integrated it's code (GPLv2+ too) or implement your own code.

reinerh commented 3 years ago

This is also possible with cgroups: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/resource_management_guide/sect-cpu-example_usage Which is a bit nicer than cpulimit, as the cgroup limits will be enforced by the kernel. From a quick glance cpulimit is sending SIGSTOP/SIGCONT to processes to enforce the limit (which seems a bit inaccurate to me).