[systemd-devel] Separating user-0.slice from other users

Frank Steiner fsteiner-mail1 at bio.ifi.lmu.de
Thu Mar 7 10:21:53 UTC 2019


Hi,

another weird cgroup question :-) Now that I'm able to move certain
system services into the user slice and impose an overall memory limit
on them and all users, I'd like to move the root user outside the user
slice to make sure he is not hit by the limit.

I was able to move part of roots processes outside the user.slice by
creating user at 0.service and giving it a different slice. But it
seems that "/usr/lib/systemd/systemd --user" enforces the user-0 at slice
below user.slice, even when I rename slide in user at .service to e.g.
blauser-%i.slice:


Control group /:
-.slice
├─blauser.slice
│ └─blauser-19012.slice
│   └─user at 19012.service
│     └─init.scope
│       ├─8474 /usr/lib/systemd/systemd --user
│       └─8475 (sd-pam)
├─root.slice
│ └─user at 0.service
│   └─init.scope
│     ├─8598 /usr/lib/systemd/systemd --user
│     └─8599 (sd-pam)
├─user.slice
│ ├─user-19012.slice
│ │ └─session-8.scope
│ │   ├─8472 sshd: myuser [priv]
│ │   ├─8480 sshd: myuser at pts/1
│ │   └─8481 -tcsh
│ └─user-0.slice
│   └─session-9.scope
│     ├─8596 sshd: root at pts/0
│     ├─8604 -tcsh
│     ├─8774 systemd-cgls
│     └─8775 less


Is there a way to keep the systemd user session below the root.slice?
Or any other way to exclude only the root user from the limits set for
the user.slice?

cu,
Frank




-- 
Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *


More information about the systemd-devel mailing list