Setting the MemoryLimit of a user-created systemd scope using cgroups as user
Solution 1:
Ok, so the correct answer is that you cannot setup cgroup limits for user processes (at the time of writing this answer, anyway).
Ref from systemd-devel mailing list:
We simply do not support this right now. Unprivileged users do not get access to the cgroup properties of the various controllers right now, simply because this is unsafe.
We can open this up one day, bit by bit but this requires some kernel work, and an OK from Tejun that this is safe.
This was April, 2015, and I'm assuming nothing has changed since.
Solution 2:
It seems to work if done this way:
$ systemd-run --scope --user --unit limit-test.scope -p MemoryAccounting=yes -p MemoryLimit='10M' bash
and then checking the status:
$ systemctl show --user limit-test.scope | grep Mem
MemoryCurrent=18446744073709551615
MemoryAccounting=yes
MemoryLimit=10485760
The key being to pass in the property with the -p
flag. Also, note that for user-mode systemd, the relevant file for configuring defaults is actually /etc/systemd/user.conf
, and not /etc/systemd/system.conf
.