Debian 10:我想限制除 之外的所有用户的内存、CPU 等root;我找到了几篇关于此问题的文章,但到目前为止,它们都围绕着 cgconfig,而这似乎不是现在的做法。我看到一些建议改用切片,因此对于 UID 1000,请创建类似以下内容的内容:
# cat /lib/systemd/system/user-1000.slice
[Unit]
Description=User and Session Slice
Documentation=man:systemd.special(7)
Before=slices.target
MemoryHigh=20M
[Slice]
Slice=user-slice
[Install]
WantedBy=multi-user.target
并使用 启用它systemctl enable user-1000.slice。这似乎已经成功了一半:
$ systemctl status user-1000.slice
Warning: The unit file, source configuration file or drop-ins of user-1000.slice changed on disk. Run 'systemctl daemon-reload' to reload units.
● user-1000.slice - User Slice of UID 1000
Loaded: loaded (/lib/systemd/system/user-1000.slice; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/user-.slice.d
└─10-defaults.conf
Active: active since Thu 2020-07-09 07:37:28 UTC; 1h 8min ago
Docs: man:systemd.special(7)
man:[email protected](5)
Tasks: 7 (limit: 5237)
Memory: 5.4M
CGroup: /user.slice/user-1000.slice
├─session-15.scope
│ ├─1089 sshd: jan [priv]
│ ├─1107 sshd: jan@pts/1
│ ├─1108 -bash
│ ├─1113 systemctl status user-1000.slice
│ └─1114 pager
└─[email protected]
└─init.scope
├─1092 /lib/systemd/systemd --user
└─1093 (sd-pam)
但是,MemoryHigh没有设置:
$ systemctl show user-1000.slice
Slice=user.slice
ControlGroup=/user.slice/user-1000.slice
...
MemoryHigh=infinity
...
我似乎已经很接近了,但肯定还缺少了一些东西——那是什么?
答案1
您错过了屏幕上显示的警告:
Warning: The unit file, source configuration file or drop-ins of user-1000.slice changed on disk. Run 'systemctl daemon-reload' to reload units.
当您更改 systemd 单元时,必须systemctl daemon-reload让 systemd 重新读取它们。此外,受影响的单元需要重新启动。
也就是说,如果你想让更改适用于所有用户,你可能应该改用覆盖user.slice。当然,你永远不应该编辑系统附带的文件,而是使用覆盖,方法是插入文件。