Limit process memory usage

OrakMoya · 2021-11-29 19:42:21

Hello,

I'm trying to limit firefox to 600MiB of memory usage and to the first 2 cores of my system. I tried following the ArchWiki page for [link=https://wiki.archlinux.org/title/Cgroups]Cgroups[/link], but I find it isn't very well explained for an average-ish user. I couldn't figure out how to do it with systemd and libcgroups always resulted in one of these two errors:

[root@orakThinkPad ~]# cgcreate -a orakmoya -t orakmoya -g memory,cpu:groupname
cgcreate: can't create cgroup groupname: Cgroup one of the needed subsystems is not mounted

or, with just memory

[orakmoya@orakThinkPad ~]$ cgexec -g memory:firefox firefox
cgroup change of group failed

Also, to even create a group with just memory, I needed to add a kernel parameter in grub. This is mentioned nowhere on the wiki page.

latalante1 · 2021-11-29 20:02:25

Do not use "Stone Age" tools, use the one you get with the bare system.

systemd-run --user -G -p MemoryMax=600M -p "CPUQuota=200%" /usr/bin/firefox

https://www.freedesktop.org/software/sy … d-run.html
https://www.freedesktop.org/software/sy … trol.html#

sabroad · 2021-11-29 20:35:06

See wiki Firefox - Memory limit

To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.

firejail --rlimit-as=600000000 firefox

OrakMoya · 2021-11-29 20:42:00

latalante1 wrote:

Do not use "Stone Age" tools, use the one you get with the bare system.
systemd-run --user -G -p MemoryMax=600M -p "CPUQuota=200%" /usr/bin/firefox
https://www.freedesktop.org/software/sy … d-run.html
https://www.freedesktop.org/software/sy … trol.html#

sabroad wrote:

See wiki Firefox - Memory limit
To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.
firejail --rlimit-as=600000000 firefox

Do either of these get applied on boot or when I launch the application without any arguments, like

[orakmoya@orakThinkPad ~]$ firefox

seth · 2021-11-29 21:13:18

No.
You can either https://wiki.archlinux.org/title/Fireja … by_default (but will have to adjust the FF profile) or simply shadow /usr/bin/firefox w/ /usr/local/bin/firefox and make the latter an executable script to your liking.

Beware the pitfall to not run "firefox" inside the script, use the full path to /usr/bin/firefox !

latalante1 · 2021-11-30 09:33:47

sabroad wrote:

See wiki Firefox - Memory limit
To prevent pages from abusing memory (and possible OOM), we can use Firejail with the rlimit-as option.
firejail --rlimit-as=600000000 firefox

I have not tested it, but it is very doubtful that it will protect firefox from the notorious OOM.
In the case of chrome (chromium), it's possible that it is working well.

I tested this variant very well.

systemd-run -G --user -p OOMPolicy=continue -p MemoryMax=1G -p MemorySwapMax=100M /usr/bin/firefox

It works. Firefox is working. Disables individual tabs.
Gah. Your tab just crashed.

Last edited by latalante1 (2021-11-30 09:43:17)

sabroad · 2021-11-30 10:49:37

For a Firejail comparison with systemd, see the Firejail Wiki:

Firejail Wiki wrote:

Keep in mind that systemd is made to run and sandbox system-services while firejail has its focus on desktop programs.

latalante1 · 2021-11-30 11:11:38

He has a bad reputation. I do not use.
https://github.com/netblue30/firejail/issues/3046

latalante1 · 2021-11-30 12:00:26

@sabroad
The thread title was only about resource limitation.

If you want to use a partial (sufficient) sandbox with sytemd - it might look like this.

systemd-run --user -G -p OOMPolicy=continue -p MemoryMax=1G -p MemorySwapMax=100M -p "CPUQuota=200%" -p NoNewPrivileges=yes -p PrivateUsers=true \
-p ProtectHome=tmpfs -p PrivateTmp=true -p BindReadOnlyPaths="$HOME/.Xauthority" -p BindPaths="/tmp/.X11-unix /run/user/1000/bus $HOME/.mozilla \
$HOME/.config $HOME/.local/share $HOME/.cache/mozilla $HOME/.cache/mesa_shader_cache $HOME/.cache/fontconfig -$HOME/.cache/event-sound-cache.tdb.92401f97cdbd497eae55bfa27f429cfd.x86_64-pc-linux-gnu \
$HOME/.local/share/recently-used.xbel $HOME/.pki $HOME/Downloads" -p InaccessiblePaths="-$HOME/.config/chromium -$HOME/.config/google-chrome" \
-E DISPLAY=:0 -E MOZ_USE_XINPUT2=1 /usr/bin/apulse /usr/bin/firefox

It's a skeleton.

Last edited by latalante1 (2021-11-30 16:54:20)

sabroad · 2021-11-30 13:23:16

latalante1 wrote:

The thread title was only about resource limitation.

The OP also asked:

OrakMoya wrote:

Do either of these get applied on boot or when I launch the application without any arguments

Which was answered by:

seth wrote:

You can either https://wiki.archlinux.org/title/Fireja … by_default

wiki wrote:

This creates symbolic links in /usr/local/bin pointing to /usr/bin/firejail for programs for which Firejail has default or self-created profiles.[...]
firecfg additionally adds the current user to Firejail user access database and checks the /usr/share/applications/*.desktop files

To directly address setting this up with rlimit-as, can extend firefox sandbox with local profile:

install -d ~/.config/firejail
cat > ~/.config/firejail/firefox.local <<EOF
rlimit-as 600000000
EOF

Lastly,

latalante1 wrote:

I have not tested it, but it is very doubtful that it will protect firefox from the notorious OOM.

There's no need here for Uncertainty, Doubt, Fear.

Last edited by sabroad (2021-11-30 15:03:16)

seth · 2021-11-30 14:30:57

Hey, don't shame UDF. We just don't like FUD

But ftr, if you provide FF w/ only 600MB RAM (and no swap), FF itself will run OOM within seconds.
That's why it's called "FF" - "Fat Fox"
(And this applies to other "modern" browsers" as well)

Not sure whether rlimit-as does that?

sabroad · 2021-11-30 15:54:26

seth wrote:

Not sure whether rlimit-as does that?

Indeed it probably doesn't do what the OP intends: rlimit-as limits the address space [1], rather than resident size [2].

Hat eaten and concede to @latalante1's (justified) UDF.

[1] Firefox requires >3G address space just to start
[2] systemd's MemoryMax limits RSS (but triggers OoM for me and kills FF)

Last edited by sabroad (2021-11-30 16:50:21)

Arch Linux

#1 2021-11-29 19:42:21

Limit process memory usage

#2 2021-11-29 20:02:25

Re: Limit process memory usage

#3 2021-11-29 20:35:06

Re: Limit process memory usage

#4 2021-11-29 20:42:00

Re: Limit process memory usage

#5 2021-11-29 21:13:18

Re: Limit process memory usage

#6 2021-11-30 09:33:47

Re: Limit process memory usage

#7 2021-11-30 10:49:37

Re: Limit process memory usage

#8 2021-11-30 11:11:38

Re: Limit process memory usage

#9 2021-11-30 12:00:26

Re: Limit process memory usage

#10 2021-11-30 13:23:16

Re: Limit process memory usage

#11 2021-11-30 14:30:57

Re: Limit process memory usage

#12 2021-11-30 15:54:26

Re: Limit process memory usage

Board footer