Systemd #
systemd-cgls
: Get apstree
-like output of all processes, with their associated Systemd units, from which we can know the session ID of any logged-in user and enforce resource control.systemd-run
: Run a command in a on-fly Systemd unit:
# Enforcing memory limit via CGroup, run with dynamic non-root user
systemd-run -t -p DynamicUser=yes \
-p MemoryMax=600M \
/bin/sh -c "cd /root; ./test.sh"
DBus interface #
Get DBus interface URI:
sudo busctl tree org.freedesktop.systemd1
With a URI obtained from above: /org/freedesktop/systemd1/unit/session_2dc18_2escope
, we can
get its current property list.
sudo busctl introspect org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/session_2dc18_2escope
Set CGroup resource limit:
# Set CPUQuota = 10%
sudo gdbus call --system --dest org.freedesktop.systemd1 --object-path /org/freedesktop/systemd1/unit/session_2dc20_2escope \
--method org.freedesktop.systemd1.Unit.SetProperties true "[('CPUQuotaPerSecUSec', <@t 100000>)]"
# Set MemoryMax = 4G
sudo gdbus call --system --dest org.freedesktop.systemd1 --object-path /org/freedesktop/systemd1/unit/session_2dc20_2escope \
--method org.freedesktop.systemd1.Unit.SetProperties true "[('MemoryMax', <@t 4000000000>)]"
Services accessible from DBus:
gdbus call --system --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus --method org.freedesktop.DBus.ListNames