Skip to content

Instantly share code, notes, and snippets.

@hardfire

hardfire/README.MD

Last active Sep 2, 2020
Embed
What would you like to do?
using cgroups to limit browser memory+cpu usage
  1. cgconfig.conf - that's where you create the control group /etc/
  2. cgrules.conf - that's where you add binaries to that specific control group /etc/
  3. cgconf - that's the init script i use because its not available on ubuntu. It might be available for your OS in the package manager. I took the startup script from http://askubuntu.com/questions/836469/install-cgconfig-in-ubuntu-16-04 - /etc/init.d/

Notes

Use the following steps to test what you have without the

  • cgconfigparser -l /etc/cgconfig.conf - to add/register your control group to the system
  • cgrulesengd - sends the binary-cgroup binding rules.
  • run the application \m/ w00t!
  • Note: I tested by creating a cgroup with 1MB of RAM and tested if chrome crashed or not. It should crash
#!/bin/sh
### BEGIN INIT INFO
# Provides: cgconf
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Configures CGroups
### END INIT INFO
## taken from http://askubuntu.com/questions/836469/install-cgconfig-in-ubuntu-16-04
start_service() {
if is_running; then
echo "cgrulesengd is running already!"
return 1
else
echo "Processing /etc/cgconfig.conf..."
cgconfigparser -l /etc/cgconfig.conf
echo "Processing /etc/cgrules.conf..."
cgrulesengd -vvv --logfile=/var/log/cgrulesengd.log
return 0
fi
}
stop_service() {
if is_running; then
echo "Stopping cgrulesengd..."
pkill cgrulesengd
else
echo "cgrulesengd is not running!"
return 1
fi
}
status() {
if pgrep cgrulesengd > /dev/null; then
echo "cgrulesengd is running"
return 0
else
echo "cgrulesengd is not running!"
return 3
fi
}
is_running() {
status >/dev/null 2>&1
}
case "${1:-}" in
start)
start_service
;;
stop)
stop_service
;;
status)
status
;;
*)
echo "Usage: /etc/init.d/cgconf {start|stop|restart|status}"
exit 2
;;
esac
exit $?
group browsers {
perm {
task {
uid = avk;
gid = users;
}
admin {
uid = avk;
gid = users;
}
}
cpu {
cpu.shares = "256";
}
memory {
# Allocate at most 1 GB of memory to tasks
memory.limit_in_bytes = "1.5G";
# Apply a soft limit of 512 MB to tasks
memory.soft_limit_in_bytes = "200M";
}
}
#user:process subsystems groups
avk:/usr/bin/chromium-browser cpu,memory browsers
avk:/usr/bin/firefox cpu,memory browsers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.