*limit the whole virtual address space for the process.*
This is nice and easy but not fully correct. We can’t limit the whole virtual address space of a process to 1 MB – we won’t be able to map kernel and libs.
Second is to limit heap size. This is not so easy, and it seems like nobody tries to do this, because the only reasonable way to do it is playing with the linker. But for limiting available memory to values as small as 1 MiB it will be absolutely correct.
Kernel space is flagged in the page tables as exclusive to privileged code (ring 2 or lower), hence a page fault is triggered if user-mode programs try to touch it. In Linux, kernel space is constantly present and maps the same physical memory in all processes. Kernel code and data are always addressable, ready to handle interrupts or system calls at any time. By contrast, the mapping for the user-mode portion of the address space changes whenever a process switch happens.
#linux
https://alex.dzyoba.com/blog/restrict-memory/
https://manybutfinite.com/post/anatomy-of-a-program-in-memory/
@xameer Out of curiosity: What about podman?
@hexaheximal I am familiar with CPU quota/resource constraints (including total memory) one can configure with that. But how does that imply limiting the addr space of any individual ps I run on it?
Besides being lightweight, won't it crash more often than not?
While we're at it, could you also explain podman cgroup namespaces in layman's terms, i.e. the purpose, upside, use-cases etc.?
Even the clear refs will help.
-- noob