Skip to content

Instantly share code, notes, and snippets.

@hardfire

hardfire/README.MD

Last active August 12, 2021 03:34
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save hardfire/7e5d9e7ce218dcf2f510329c16517331 to your computer and use it in GitHub Desktop.
Save hardfire/7e5d9e7ce218dcf2f510329c16517331 to your computer and use it in GitHub Desktop.
Download ZIP
using cgroups to limit browser memory+cpu usage
Raw
README.MD
  1. cgconfig.conf - that's where you create the control group /etc/
  2. cgrules.conf - that's where you add binaries to that specific control group /etc/
  3. cgconf - that's the init script i use because its not available on ubuntu. It might be available for your OS in the package manager. I took the startup script from http://askubuntu.com/questions/836469/install-cgconfig-in-ubuntu-16-04 - /etc/init.d/

Notes

Use the following steps to test what you have without the

  • cgconfigparser -l /etc/cgconfig.conf - to add/register your control group to the system
  • cgrulesengd - sends the binary-cgroup binding rules.
  • run the application \m/ w00t!
  • Note: I tested by creating a cgroup with 1MB of RAM and tested if chrome crashed or not. It should crash
Raw
cgconf
#!/bin/sh
### BEGIN INIT INFO
# Provides: cgconf
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Configures CGroups
### END INIT INFO
## taken from http://askubuntu.com/questions/836469/install-cgconfig-in-ubuntu-16-04
start_service() {
if is_running; then
echo "cgrulesengd is running already!"
return 1
else
echo "Processing /etc/cgconfig.conf..."
cgconfigparser -l /etc/cgconfig.conf
echo "Processing /etc/cgrules.conf..."
cgrulesengd -vvv --logfile=/var/log/cgrulesengd.log
return 0
fi
}
stop_service() {
if is_running; then
echo "Stopping cgrulesengd..."
pkill cgrulesengd
else
echo "cgrulesengd is not running!"
return 1
fi
}
status() {
if pgrep cgrulesengd > /dev/null; then
echo "cgrulesengd is running"
return 0
else
echo "cgrulesengd is not running!"
return 3
fi
}
is_running() {
status >/dev/null 2>&1
}
case "${1:-}" in
start)
start_service
;;
stop)
stop_service
;;
status)
status
;;
*)
echo "Usage: /etc/init.d/cgconf {start|stop|restart|status}"
exit 2
;;
esac
exit $?
Raw
cgconfig.conf
group browsers {
perm {
task {
uid = avk;
gid = users;
}
admin {
uid = avk;
gid = users;
}
}
cpu {
cpu.shares = "256";
}
memory {
# Allocate at most 1 GB of memory to tasks
memory.limit_in_bytes = "1.5G";
# Apply a soft limit of 512 MB to tasks
memory.soft_limit_in_bytes = "200M";
}
}
Raw
cgrules.conf
#user:process subsystems groups
avk:/usr/bin/chromium-browser cpu,memory browsers
avk:/usr/bin/firefox cpu,memory browsers
@hardfire
Copy link
Author

hardfire commented Oct 3, 2020

Line 21:
uid = avk;

Could you change the username from "avk" to your username and hopefully it works.

Though i dont use this method anymore and have switched to using systemd-run . I wrote about this here - https://avinash.com.np/2020/09/02/running-firefox/chrome/slack-in-a-memory-and-cpu-restricted-enviornment/

@SomePersonSomeWhereInTheWorld
Copy link 

cgconfigparser -l /etc/cgconfig.conf
cgconfigparser; error loading /etc/cgconfig.conf: Cgroup is not mounted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment