Hello,
I'm trying to limit firefox to 600MiB of memory usage and to the first 2 cores of my system. I tried following the ArchWiki page for Cgroups (https://wiki.archlinux.org/title/Cgroups), but I find it isn't very well explained for an average-ish user. I couldn't figure out how to do it with systemd and libcgroups always resulted in one of these two errors:
[root@orakThinkPad ~]# cgcreate -a orakmoya -t orakmoya -g memory,cpu:groupname
cgcreate: can't create cgroup groupname: Cgroup one of the needed subsystems is not mounted
or, with just memory
[orakmoya@orakThinkPad ~]$ cgexec -g memory:firefox firefox
cgroup change of group failed
Also, to even create a group with just memory, I needed to add a kernel parameter in grub. This is mentioned nowhere on the wiki page.
Offline
Do not use "Stone Age" tools, use the one you get with the bare system.
systemd-run --user -G -p MemoryMax=600M -p "CPUQuota=200%" /usr/bin/firefox
https://www.freedesktop.org/software/sy … d-run.html
https://www.freedesktop.org/software/sy … trol.html#
Offline
See wiki Firefox - Memory limit
To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.
firejail --rlimit-as=600000000 firefox
--
saint_abroad
Offline
Do not use "Stone Age" tools, use the one you get with the bare system.
systemd-run --user -G -p MemoryMax=600M -p "CPUQuota=200%" /usr/bin/firefox
https://www.freedesktop.org/software/sy … d-run.html
https://www.freedesktop.org/software/sy … trol.html#
See wiki Firefox - Memory limit
To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.
firejail --rlimit-as=600000000 firefox
Do either of these get applied on boot or when I launch the application without any arguments, like
[orakmoya@orakThinkPad ~]$ firefox
Offline
No.
You can either https://wiki.archlinux.org/title/Fireja … by_default (but will have to adjust the FF profile) or simply shadow /usr/bin/firefox w/ /usr/local/bin/firefox and make the latter an executable script to your liking.
Beware the pitfall to not run "firefox" inside the script, use the full path to /usr/bin/firefox !
Offline
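The shadowing approach from the post above, as an added example that is not part of the thread: a wrapper meant to be installed as /usr/local/bin/firefox, reusing the systemd-run limits posted earlier. The `RUNNER` variable, the function names and the self-reference check are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper to install as /usr/local/bin/firefox (mode 0755).
REAL_BROWSER=/usr/bin/firefox   # full path; a bare "firefox" would find this wrapper again

# True when path $1 resolves to this very script (the recursion pitfall).
points_to_self() {
    [ "$(readlink -f "$1")" = "$(readlink -f "$0")" ]
}

# Start the real browser in a transient user unit with the thread's limits.
# RUNNER is a hypothetical knob of this example: RUNNER=echo prints the command instead.
# CPUQuota=200% caps CPU time at two cores' worth; it does not pin to cores 0 and 1.
run_limited() {
    ${RUNNER:-exec} systemd-run --user -G \
        -p MemoryMax=600M -p "CPUQuota=200%" \
        "$REAL_BROWSER" "$@"
}

# Act as the wrapper only when installed under the name "firefox".
if [ "${0##*/}" = firefox ]; then
    if points_to_self "$REAL_BROWSER"; then
        echo "firefox wrapper: $REAL_BROWSER is this script, refusing to loop" >&2
        exit 1
    fi
    run_limited "$@"
fi
```
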
See wiki Firefox - Memory limit
To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.
firejail --rlimit-as=600000000 firefox
I have not tested it, but it is very doubtful that it will protect firefox from the notorious OOM.
In the case of chrome (chromium), it's possible that it is working well.
I tested this variant very well.
systemd-run -G --user -p OOMPolicy=continue -p MemoryMax=1G -p MemorySwapMax=100M /usr/bin/firefox
It works. Firefox is working. Disables individual tabs.
Gah. Your tab just crashed.
Last edited by latalante1 (2021-11-30 09:43:17)
Offline
For a Firejail comparison with systemd, see the Firejail Wiki:
Keep in mind that systemd is made to run and sandbox system-services while firejail has its focus on desktop programs.
--
saint_abroad
Offline
It has a bad reputation. I do not use it.
https://github.com/netblue30/firejail/issues/3046
Offline
@sabroad
The thread title was only about resource limitation.
If you want to use a partial (sufficient) sandbox with systemd - it might look like this.
systemd-run --user -G -p OOMPolicy=continue -p MemoryMax=1G -p MemorySwapMax=100M -p "CPUQuota=200%" -p NoNewPrivileges=yes -p PrivateUsers=true \
-p ProtectHome=tmpfs -p PrivateTmp=true -p BindReadOnlyPaths="$HOME/.Xauthority" -p BindPaths="/tmp/.X11-unix /run/user/1000/bus $HOME/.mozilla \
$HOME/.config $HOME/.local/share $HOME/.cache/mozilla $HOME/.cache/mesa_shader_cache $HOME/.cache/fontconfig -$HOME/.cache/event-sound-cache.tdb.92401f97cdbd497eae55bfa27f429cfd.x86_64-pc-linux-gnu \
$HOME/.local/share/recently-used.xbel $HOME/.pki $HOME/Downloads" -p InaccessiblePaths="-$HOME/.config/chromium -$HOME/.config/google-chrome" \
-E DISPLAY=:0 -E MOZ_USE_XINPUT2=1 /usr/bin/apulse /usr/bin/firefox
It's a skeleton.
Last edited by latalante1 (2021-11-30 16:54:20)
Offline
The thread title was only about resource limitation.
The OP also asked:
Do either of these get applied on boot or when I launch the application without any arguments
Which was answered by:
You can either https://wiki.archlinux.org/title/Fireja … by_default
This creates symbolic links in /usr/local/bin pointing to /usr/bin/firejail for programs for which Firejail has default or self-created profiles.[...]
firecfg additionally adds the current user to Firejail user access database and checks the /usr/share/applications/*.desktop files
To directly address setting this up with rlimit-as, you can extend the firefox sandbox with a local profile:
install -d ~/.config/firejail
cat > ~/.config/firejail/firefox.local <<EOF
rlimit-as 600000000
EOF
Lastly,
I have not tested it, but it is very doubtful that it will protect firefox from the notorious OOM.
There's no need here for Uncertainty, Doubt, Fear.
Last edited by sabroad (2021-11-30 15:03:16)
--
saint_abroad
Offline
Hey, don't shame UDF. We just don't like FUD
But ftr, if you provide FF w/ only 600MB RAM (and no swap), FF itself will run OOM within seconds.
That's why it's called "FF" - "Fat Fox"
(And this applies to other "modern" browsers as well)
Not sure whether rlimit-as does that?
Offline
Not sure whether rlimit-as does that?
Indeed it probably doesn't do what the OP intends: rlimit-as limits the address space [1], rather than resident size [2].
Hat eaten and concede to @latalante1's (justified) UDF.
[1] Firefox requires >3G address space just to start
[2] systemd's MemoryMax limits RSS (but triggers OoM for me and kills FF)
Last edited by sabroad (2021-11-30 16:50:21)
--
saint_abroad
Offline
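The address-space versus resident-size distinction reached at the end of the thread, as an added example that is not part of any post: it reads `VmSize` and `VmRSS` in /proc/<pid>/status format and checks one byte limit, such as the 600000000 given to rlimit-as, against each. The sample numbers are constructed for illustration and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in /proc/<pid>/status format (illustrative numbers, not a measurement).
sample_status() {
    cat <<'EOF'
Name:   firefox
VmPeak:  3400000 kB
VmSize:  3300000 kB
VmRSS:    350000 kB
EOF
}

# Read status-format text on stdin, print "<VmSize kB> <VmRSS kB>".
vm_fields() {
    awk '$1 == "VmSize:" { size = $2 } $1 == "VmRSS:" { rss = $2 }
         END { print size + 0, rss + 0 }'
}

# limit_verdict LIMIT_BYTES < status-text
# RLIMIT_AS is checked against the address space (VmSize);
# resident memory (VmRSS) is the far smaller figure.
limit_verdict() {
    limit=$1
    set -- $(vm_fields)
    as_bytes=$(( $1 * 1024 ))
    rss_bytes=$(( $2 * 1024 ))
    [ "$as_bytes" -le "$limit" ] && as=fits || as=exceeds
    [ "$rss_bytes" -le "$limit" ] && rss=fits || rss=exceeds
    echo "address-space=$as resident=$rss"
}

# Same limit as the firefox.local profile above, applied to the constructed sample.
sample_status | limit_verdict 600000000
```

To check a running process, feed the function the real file instead of the sample: `limit_verdict 600000000 < /proc/<pid>/status`.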