Created attachment 1003887 [details]
limits.conf test log
Description of problem: limits.conf items rss and memlock not effective but as is
Version-Release number of selected component (if applicable): pam-1.1.1-20.el6.x86_64
How reproducible: Yes
1.set values in /etc/security/limits.conf (one set at a time)
* soft rss 4194304
* hard rss 5242880
2. log on as a regular user
3.run a program to allocate memory
4.use top to monitor the amount of memory used and find memory usage not restricted to the limit set. Log out
5. repeat step 1 - 4, but with different sets of items
* soft memlock 4194304
* hard memlock 5242880
6. repeat step 1 - 4, with items being "as"
* soft as 524288000
* hard as 629145600
Resident memory 23G
Resident memory 4G
With items being "as", virtual memory is correctly limited to 500GB.
The rss is documented to be ineffective and memlock limits a different thing. I don't see a bug here.
Inside limits.conf, it describes:
<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
Please can you explain what memlock really does?
If we need to restrict users from having a limit on the resident memory,
what item, if not memlock, should be used?
I don't think there is limit equivalent to rss. Memlock is for locked-in memory not for any resident memory that can be paged out.
Perhaps cgroups could help you.