2

I have a pids.max limit set to 400, I want to set it to max

It is found in /sys/fs/cgroup/pids/pids.max, 

sudo cgget -g pids:/
/:
pids.current: 278
pids.max: 400

I would think that I could set it by running the following command, but pids.max stays at 400.

$ sudo cgset -r pids.max=500 pids:/
$ sudo cgget -g pids:/
/:
pids.current: 278
pids.max: 400

How do I change pids.max?

Azeirah
  • 161
  • 6

1 Answers1

3

It's a syntax problem.

man cgset tells:

SYNOPSIS

cgset [-r <name=value>] <cgroup_path> ...
cgset --copy-from <source_cgroup_path> <cgroup_path> ...

the cgroup_path for your case is /, not uids:/. cgset will silently do nothing and return no error when applied on an non-existing cgroup. This can be verified with strace (using strace -e trace=open,openat,close,write):

non-working cgset -r pids.max=max pids:/:

[...]
openat(AT_FDCWD, "/sys/fs/cgroup/pids/pids:/pids.max", O_RDWR|O_CLOEXEC) = -1 ENOENT (No such file or directory)
+++ exited with 0 +++

working cgset -r pids.max=max /:

[...]
openat(AT_FDCWD, "/sys/fs/cgroup/pids/pids.max", O_RDWR|O_CLOEXEC) = 3
write(3, "max", 3)                      = 3
close(3)                                = 0
+++ exited with 0 +++

Of course you could also write directly from shell to this pseudo-file to do the same, but using sudo makes it more complicated (eg: having to use the tee command rather than a shell redirection).

A.B
  • 11,090
  • 2
  • 24
  • 45
  • Thank you for your answer, but even with the right syntax the pids.max value remains at 400! I run this command `sudo cgset -r pids.max=max /`. – Azeirah May 03 '20 at 13:23
  • Running `echo 'max' | sudo tee /sys/fs/cgroup/pids/pids.max` gives me a tee error, 'Actie is niet toegestaan', which translates to `action is not permitted/allowed` – Azeirah May 03 '20 at 13:29
  • Actually, I think the problem might be my server provider. I found [this StackOverflow post](https://stackoverflow.com/a/61074853/2302759) saying that the server provider limited their max tasks to 700, it makes no sense that my pids.max is set to 400 anyway, and I can't edit the value. I even noticed that the cgroup fs was set to read-only, but remounting it to rw still made no difference. – Azeirah May 03 '20 at 13:58
  • Yes running an unprivileged/rootless (user namespace) LXC container gets me an `EACCESS` error when writing to the pids.max. Which makes sense. But for your case it's perhaps `EPERM`? Anyway, combined with the "never return an error" used by the command gets that it won't do anything and won't tell it. – A.B May 03 '20 at 15:08
  • Entering mount+pid+cgroups (and no others) namespaces (using something like `nsenter -t $(su -c 'lxc info -Hp -n user-buster-amd64' user) -p -m -C cgset -r pids.max=500 /` from the real host root user allows to change it. That's clearly something at the hands of the provider. – A.B May 03 '20 at 16:12