Add racct/rctl support #8
Comments
|
I can't speak for @samuelkarp (obviously), but one thing that's been discussed in the #freebsd channel on the CNCF Slack is that this project is going to be a great place to figure out what runtime-spec changes make sense to properly support FreeBSD within the OCI, so with my OCI runtime-spec maintainer hat on (although also with the caveat that I'm very, very green when it comes to FreeBSD), I think this is a great place to start this conversation. If this is something that's really common for limiting FreeBSD jails and requires support within the runtime to accomplish correctly, it absolutely makes sense to have that as part of the FreeBSD-specific bits of the OCI runtime spec. 😄 |
|
@tianon did a good job of channeling what I was going to say, but I'll use my own words too 😄
So first things first: I absolutely consider extensions to the OCI specs (runtime, image, and distribution if applicable) to be within the scope of this project; I'm very much in favor of using runj to prove out these changes before coming together and proposing changes to the specifications formally.
What's the relationship between rlimits and
Extending the bundle config is definitely the route I think is appropriate, rather than adding a separate configuration file. However, there is a change I'd suggest to the commit you currently have in that branch: OS-specific extensions are embedded within OS-specific structs in the bundle config. If you look at the upstream struct you'll see that there are three specific fields for each of |
Oh, one more thing: I think @tianon meant to refer to the OCI Slack: https://chat.opencontainers.org/ |
rctl/racct is FreeBSD specific, unlike rlimits. rlimits are also applied to a single process from within the process, whereas racct limits can be applied to an entire jail. I believe the best documentation is the man pages, yes. I've added the FreeBSD field and opened a PR now, so you can have a look there and let me know your thoughts. |
The OCI runtime spec has support for rlimits under the process configuration. However, these limits are fairly minimal. FreeBSD has more resource limits, which can be applied to jails through
rctl. It might be useful to add support for these racct limits to runj, even though it is not in the OCI specification.To accomplish this, we'd add a new configuration option, structured similarly to the existing "rlimits" option in the spec. Then, it is a matter of adding a function that formats the
rctlrule and callsrctlfrom the operating system, which would be called in thecreatecommand. I have an example of what this would look like here: https://github.com/cyrilzhangfreebsd/runj/tree/racctAlternatively, we could add a new configuration file separate from
config.jsonto contain configuration that is outside of the OCI spec.Finally, I understand if you consider this enhancement to be outside of the project's scope. If you would not mind, I'd appreciate if you could provide some feedback on the changes I linked above, as I would continue to make experimental out-of-scope changes on my fork.
The text was updated successfully, but these errors were encountered: