Hi folks,
I am running LXC 5.0.2 on Debian11 with hybrid cgroup. Problem: The containers running Rocky 8 do not see the memory limit set in the LXC config file (lxc.cgroup.memory.limit_in_bytes = 32G). Other containers running CentOS7 are fine:
# cat /sys/fs/cgroup/memory/lxc.payload.ce7i011/memory.limit_in_bytes
34359738368
# cat /sys/fs/cgroup/memory/lxc.payload.ro8i002/memory.limit_in_bytes
9223372036854771712
How comes? AFAIK the cgroup limits are set even before init is run in the container, so the systemd version shouldn’t make a difference, but to be sure I have configured “lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=0” and verified that the container sees hybrid cgroup as well. Here is the complete config file:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist rockylinux -r 8 -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64
lxc.apparmor.profile = unconfined
# Container specific configuration
# lxc.apparmor.profile = generated
# lxc.apparmor.allow_nesting = 1
lxc.rootfs.path = dir:/var/lib/lxc/ro8i002/rootfs
lxc.uts.name = ro8i002.example.com
lxc.mount.entry = /shared/ro8i002 export none defaults,bind 0 0
lxc.mount.entry = /home home none defaults,bind 0 0
lxc.mount.entry = /data data none defaults,bind 0 0
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:47:77:44:56
#def lxc.net.0.ipv4.address = %IP0%
#def lxc.net.0.ipv4.gateway = %GATEWAY%
#def lxc.net.0.ipv6.address = %IP0_6%
#def lxc.net.0.ipv6.gateway = %GATEWAY6%
lxc.start.auto = 1
lxc.group = onboot
lxc.cgroup.memory.limit_in_bytes = 32G
lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=0
Every helpful suggestion is highly appreciated.
Harri