1

I am trying to set up resource limit delegation for a specific user myuser on Ubuntu 20.04.5. The point is that I need to be able to control resource limits when running my rootless Podman container.

However, despite the numerous online tutorials on cgroups, I am at a loss as to how I'm supposed to achieve this.

On the official Podman website, it says that I can verify whether resource limit delegation is enabled by running the following command:

cat "/sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers"

But the user.slice folder doesn't exist. Then it says that in any case I can enable resource limit delegation for all users by modifying the file:

/etc/systemd/system/user@.service.d/delegate.conf

But the user@.service.d folder doesn't exist. Then I'm being told that I maybe need to install the libcgroup package, but when I run

apt-get install libcgroup

I get

Unable to locate package libcgroup

So what am I supposed to do to enable cgroups on Ubuntu 20.04.5 and set up resource limit delegation for myuser?

Please help...

87dsf897w6543d54fsdf
  • 11
  • find /sys/fs/cgroup/* | grep "user@$(id -u).service/cgroup.controllers" shows that it's located at /sys/fs/cgroup/unified/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers – mchid Oct 07 '22 at 06:33
  • @mchid Thank you for that. But after modifying my cat... command, I get an empty return value, i.e., can't delegate resource limits for that user. And the delegate.conf file is not existing anywhere. – 87dsf897w6543d54fsdf Oct 07 '22 at 06:38
  • Would something like this work? You would need to install cgroup-tools Also, the package you were looking for is libcgroup1 instead of libcgroup for some reason. Run apt-cache search cgroup | grep cgroup to list related packages. – mchid Oct 07 '22 at 06:49
  • If you're not a vi user, just use nano instead and you probably need to use sudo to run the commands in the linked answer or as root. – mchid Oct 07 '22 at 06:51
  • @mchid Thanks for that, now I was able to install the libcgroup package. But still, there is no /etc/cgrules.conf file. And still no delegate.conf file. I installed both the libcgroup1 and cgroup-tools packages. – 87dsf897w6543d54fsdf Oct 07 '22 at 06:56
  • You sure? /etc/cgrules.conf should be provided by the cgroup-tools package. – mchid Oct 07 '22 at 07:12
  • Also, I couldn't find a delegate.conf file anywhere from any package. Unless it's a file that you create manually. Not sure the method they were using in the tutorial but using the /etc/cgrules.conf file seems pretty straightforward. If possible, you might be able to use that instead of the delegate file. – mchid Oct 07 '22 at 07:15
  • 1
    @mchid Indeed, but the file is located at /usr/share/doc/cgroup-tools/examples/cgrules.conf instead of /etc/cgrules.conf. That seems strange, especially that it's inside a folder named examples. Am I supposed to copy that into /etc/? Why is there so little documentation on this? It's confusing, every step of the way. – 87dsf897w6543d54fsdf Oct 07 '22 at 07:18
  • Yeah, the cgrules.conf file is an example file located at /usr/share/doc/cgroup-tools/examples/cgrules.conf You can look to this file for examples. All you have to do is create your own file at /etc/cgrules.conf If the example configuration is what you want then copy the file to /etc/cgrules.conf and you can use that as a template. – mchid Oct 07 '22 at 07:20
  • The example shown in the other answer does not use the example file as a template and appears to only set limits for a groupname:username – mchid Oct 07 '22 at 07:22
  • @mchid Thanks for that. I will try that now. After modifying the file, am I supposed to restart some service? I don't see anything related to cgroups or cgconfigs in the list of services, even though several tutorials suggest executing service cgconfig restart – 87dsf897w6543d54fsdf Oct 07 '22 at 07:30

0 Answers0