diff options
author | Chris Down <chris@chrisdown.name> | 2019-03-28 13:50:50 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-04-12 17:23:58 +0200 |
commit | c52db42b78f6fbeb7792cc4eca27e2767a48b6ca (patch) | |
tree | fc854eb4073509e1e7aba1678a82b62fd16ea1eb /test/dml-override.slice | |
parent | Merge pull request #12222 from yuwata/macsec (diff) | |
download | systemd-c52db42b78f6fbeb7792cc4eca27e2767a48b6ca.tar.xz systemd-c52db42b78f6fbeb7792cc4eca27e2767a48b6ca.zip |
cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).
This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.
Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).
Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.
After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
Diffstat (limited to 'test/dml-override.slice')
-rw-r--r-- | test/dml-override.slice | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/dml-override.slice b/test/dml-override.slice new file mode 100644 index 0000000000..feb6773e39 --- /dev/null +++ b/test/dml-override.slice @@ -0,0 +1,5 @@ +[Unit] +Description=DML override slice + +[Slice] +DefaultMemoryLow=10 |