Recently, I need a sandbox, which will run the user’s commands and programs. Recently, as a beginner of Docker, I want to use Docker to implement it.
But after looking at some data, I still don’t know how to limit the memory, CPU, disk, etc. of the Docker container.
I tried it yesterday.
-mParameters to limit memory, is a bit of a use. Use
-cIt seems not feasible to limit CPU. Run an Infinite
forkThe program dragged the whole system to death.
So I want to ask how it should be used.
-c does not mean to limit the CPU utilization rate, but the relative utilization rate of the CPU of a group of processes. it is a share ratio. your docker process only uses the unit defined by cgroups as a normal process and all other processes to perform CPU scheduling in the host, but the CPU limiting unit of the same cgroups will share the CPU utilization rate, so, If you have multiple docker processes in the same cgroups restriction unit, they will share usage, but cannot prevent them from jointly causing 100% CPU.