On Wed, 18.02.15 12:48, Mikhail Morfikov ([email protected]) wrote: Sorry for the late reply, still working on keeping up with the piles of mail that queued up.
> What is the best way to set cgroup limits for user processes? I mean the > individual processes. I know that you can set limits for user.slice, but > how to set limits for, let's say, firefox? We simply do not support this right now. Unprivileged users do not get access to the cgroup properties of the various controllers right now, simply because this is unsafe. We can open this up one day, bit by bit but this requires some kernel work, and an OK from Tejun that this is safe. > BTW, one more thing. Is there a way to set a mark for network packets > using unit services? I really need this feature, but I couldn't find > any useful information on this subject. Daniel is working on adding native support for this via the net_cls cgroup controller, but in the process he noticed that the kernel support for this is actually quite broken, and there's work now going on to fix the kernel first. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
