参考:
https://www.cnblogs.com/garyw/archive/2004/01/13/12769420.html
https://blog.csdn.net/lanyang123456/article/details/81414198?utm_medium=distribute.pc_relevant.none-task-blog-baidujs_title-2&spm=1001.2101.3001.4242
https://www.cnblogs.com/doscho/p/6041036.html
一、安装cgroup
[root@i-pikqt7cs ~]# rpm -ivh libcgroup-0.41-21.el7.x86_64.rpm [root@i-pikqt7cs ~]# rpm -ivh libcgroup-tools-0.41-21.el7.x86_64.rpm (有网的情况下,直接yum install -y libcgroup-tools)
二、将用户统一加到同一个用户组shaxiang中
[root@i-pikqt7cs home]# groupadd shaxiang [root@i-pikqt7cs home]# usermod ceshi -G shaxiang [root@i-pikqt7cs home]# usermod test -G shaxiang [root@i-pikqt7cs home]# usermod htsd -G shaxiang
三、配置cgroup规则
注:测试限制沙箱用户占用的总内存不超过200M
[root@i-pikqt7cs ~]# vi /etc/cgconfig.conf group groups_mem_limit { memory { memory.limit_in_bytes = 200000000; } }
四、将规则应用给用户组shaxiang
[root@i-pikqt7cs ~]# vi /etc/cgrules.conf
@shaxiang memory groups_mem_limit/
五、启动服务
[root@i-pikqt7cs ~]# systemctl start cgconfig.service [root@i-pikqt7cs ~]# systemctl start cgred.service [root@i-pikqt7cs ~]# systemctl enable cgconfig.service [root@i-pikqt7cs ~]# systemctl enable cgred.service
cgconfig是配置服务, cgred是规则引擎daemon,主要用到cgconfigparser和cgrulesengd这两个命令
六、测试验证
三个用户启动的进程占用总内存不超过200M
