Systemd/src
Chris Down c52db42b78 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from a low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
2019-04-12 17:23:58 +02:00
..
ac-power
activate tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
analyze Merge pull request #12188 from poettering/coccinelle-fixlets 2019-04-03 01:46:54 +09:00
ask-password
backlight tree-wide: (void)ify a few unlink() and rmdir() 2019-03-27 18:09:56 +01:00
basic Merge pull request #12222 from yuwata/macsec 2019-04-12 13:59:30 +02:00
binfmt headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
boot scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
busctl Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
cgls systemd-cgls: typo error in help command 2019-03-19 10:27:28 +01:00
cgroups-agent
cgtop tree-wide: use SYNTHETIC_ERRNO() where appropriate 2019-04-02 14:54:42 +02:00
core cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
coredump Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
cryptsetup Add fopen_unlocked() wrapper 2019-04-12 11:44:52 +02:00
debug-generator headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
delta util: split out nulstr related stuff to nulstr-util.[ch] 2019-03-14 13:25:52 +01:00
detect-virt
dissect
environment-d-generator environment-d-generator: do not include /lib/environment.d in the list 2019-02-18 10:29:33 +01:00
escape
firstboot util-lib: when copying files make sure to apply some chattrs early, some late 2019-03-28 18:43:04 +01:00
fsck fsck: copy out device argument from argv[] before forking 2019-03-29 08:18:25 +01:00
fstab-generator Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
fuzz Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests 2019-04-12 11:44:57 +02:00
getty-generator getty-generator: use the new main function definer 2018-12-12 21:58:00 +01:00
gpt-auto-generator Merge pull request #11243 from poettering/nspawn-root-overlay 2019-03-01 16:08:55 +01:00
hibernate-resume headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
hostname headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
hwdb
id128 id128: no command accepts additional arguments 2019-03-15 18:53:23 +09:00
import basic: add new helper call empty_or_dash_to_null() 2019-04-08 12:11:11 +02:00
initctl headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
journal Merge pull request #12217 from keszybz/unlocked-operations 2019-04-12 13:51:53 +02:00
journal-remote tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
kernel-install kernel-install: add a check that the vmlinuz arg is sane 2019-04-03 11:25:40 +02:00
libsystemd Merge pull request #12222 from yuwata/macsec 2019-04-12 13:59:30 +02:00
libsystemd-network Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
libudev util: split out memcmp()/memset() related calls into memory-util.[ch] 2019-03-13 12:16:43 +01:00
locale Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
login Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
machine Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
machine-id-setup
modules-load
mount headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
network Merge pull request #12222 from yuwata/macsec 2019-04-12 13:59:30 +02:00
notify
nspawn seccomp: check more error codes from seccomp_load() 2019-04-12 10:23:07 +02:00
nss-myhostname nss-myhostname: unify code that handles NOT_FOUND case 2019-04-11 11:13:10 +02:00
nss-mymachines nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar 2019-04-11 11:13:10 +02:00
nss-resolve nss-resolve: list more errors as cause for fallback 2019-04-11 11:13:11 +02:00
nss-systemd headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
partition tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
path
portable Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests 2019-04-12 11:44:57 +02:00
quotacheck headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
random-seed random-seed: don't use "label" version of mkdir_parents() 2019-03-07 15:10:06 +01:00
rc-local-generator generators: define custom main func definer and use it where applicable 2018-12-12 21:58:00 +01:00
remount-fs remount-fs: split out common pattern out to a function 2019-01-03 15:29:53 +01:00
reply-password util: move some raw memory functions from string-util.h → memory-util.h 2019-03-14 13:25:51 +01:00
resolve Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
rfkill headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
run core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
run-generator headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
shared cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
shutdown tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
sleep headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
socket-proxy tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
stdio-bridge stdio-bridge: slightly optimize formatting of structure 2019-03-19 15:29:44 +01:00
sulogin-shell
sysctl headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
system-update-generator system-update-generator: use the new main function definer 2018-12-12 21:58:00 +01:00
systemctl cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
systemd network: Introduce MACsec 2019-04-12 10:12:41 +09:00
sysusers tree-wide: introduce empty_or_dash() helper 2019-04-08 12:03:33 +02:00
sysv-generator generators: define custom main func definer and use it where applicable 2018-12-12 21:58:00 +01:00
test cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
time-wait-sync
timedate headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
timesync headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
tmpfiles tree-wide: introduce empty_or_dash() helper 2019-04-08 12:03:33 +02:00
tty-ask-password-agent ask-passwd: slightly optimize handling arguments 2019-04-04 08:07:03 +02:00
udev scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
update-done headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
update-utmp headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
user-sessions headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
vconsole headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
veritysetup generators: define custom main func definer and use it where applicable 2018-12-12 21:58:00 +01:00
version meson: make version a dependency and use it in libbasic 2019-01-22 14:39:38 +01:00
volatile-root mount-util: beef up bind_remount_recursive() to be able to toggle more than MS_RDONLY 2019-03-25 19:33:55 +01:00