[systemd-devel] Limit resources of a group of users
Lennart Poettering
lennart at poettering.net
Tue Mar 4 17:28:03 UTC 2025
On Fr, 28.02.25 13:38, Seva Epsteyn (seva at sevatech.com) wrote:
> Hi,
>
> I am trying to find a way to limit the combined resources of some, but not
> all, users. For example all non root users should be limited to 90% of
> memory.
>
> I can drop in config via user.slice.d which limits all users combined, or
> user-.slice.d which limits each user separately, but can not figure out a
> way to limit all non root users or say users in a group 'foo'.
This is simply not supported at the moment.
The goal was always to eventually allow to configure for each user
individually which slice to assign it to, but this still isn't
implemented. It's not entirely trivial because the cgroup path
currently carries information: our API calls sd_pid_get_session() or
sd_pid_get_owner_uid() parse this information from the cgroup paths,
and hence we cannot randomly change them around as these functions
would then start to fail.
This could be dealt with these days relatively nicely: we could attach
xattrs on the cgroups which give us the necessary information in a
better way than deriving it from the arrangement of the cgroup
paths. But so far noone has sat down implementing this.
TLDR: yes, we think doing this would be good, and we know how, but so
far noone did the work.
Sorry if that's disappointing.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list