How do I set cgroup limits for systemd user slices?

Question

I would like to limit usage of a system on a per user basis. Since Systemd has native support for cgroups, I think using user slices is the way to go.

The problem is: I can't figure out how to set individual limits. I can edit the user.slice unit file to set limits that collectively apply to all user slices, but I don't see a way to template these user slices.

I can override these settings for individual users by creating a user-(uid).slice unit file, but I would prefer to apply limits by default to all users.

Is it possible to set default limits?

Edit: After poking around some more, I found the unit files for the user slices are created in /run/systemd/system/.

[foo@bar Downloads]$ systemctl cat user-1000.slice
# /run/systemd/system/user-1000.slice
# Transient stub

# /run/systemd/system/user-1000.slice.d/50-After-systemd-logind\x2eservice.conf
[Unit]
After=systemd-logind.service
# /run/systemd/system/user-1000.slice.d/50-After-systemd-user-sessions\x2eservice.conf
[Unit]
After=systemd-user-sessions.service
# /run/systemd/system/user-1000.slice.d/50-Description.conf
[Unit]
Description=User Slice of foo
# /run/systemd/system/user-1000.slice.d/50-TasksMax.conf
[Slice]
TasksMax=infinity

These files are constructed by this segment of code in systemd: https://github.com/systemd/systemd/blob/401e33ed56f3cd3736bbab02ca6eb31aa592cf53/src/login/logind-dbus.c#L2928-L2998

The creation of this file seems to be hard coded into the systemd source and doesn't allow for templates.

This remains [an open issue in systemd](https://github.com/systemd/systemd/issues/2556). — Michael Hampton, Nov 30 '17 at 21:20
@MichaelHampton Thanks for linking that issue. Looks like I have my answer, and that answer is "no", at least not with Systemd — Steve F, Nov 30 '17 at 21:59
systemd v239 closed the issue, apparently now you can create an dropin directory such as "user-.slice.d". — John Mahowald, Oct 04 '20 at 17:35

score 2 · Answer 1 · answered Apr 27 '19 at 13:56

This worked for me on Ubuntu 16.04:

Edit /etc/systemd/logind.conf and set

UserTasksMax=12299

After rebooting my machine I could see the above value set (1000 is my UID):

cat /sys/fs/cgroup/pids/user.slice/user-1000.slice/pids.max
12299

Extract form man logind.conf:

   UserTasksMax=
       Sets the maximum number of OS tasks each user may run concurrently. This controls the TasksMax= setting of the per-user slice unit, see systemd.resource-control(5) for details. Defaults to 12288
       (12K). If assigned the special value "infinity", no tasks limit is applied.

score 0 · Answer 2 · answered Oct 30 '18 at 23:17

This worked for me in Ubuntu 18.04:

1) Edit /data/repos/mhservers/etc/pam.d/common-session and add:

session  optional  pam_systemd.so

2) Edit /etc/security/limits.d/somename.conf and set

someuser  soft  nofile  1024000
someuser  hard  nofile  1024000

3) Lookup UID using id -u someuser

4) Execute systemctl restart user@[UID].service

To verify someuser can execute systemctl --user show somesvr.service | grep NOFILE

How do I set cgroup limits for systemd user slices?

2 Answers2

Linked