debian进程如何进行资源隔离

在Debian系统中，有多种方法可以进行进程资源隔离。以下是一些常见的方法：

1. 使用 `cgroups`（控制组）

cgroups 是 Linux 内核提供的一种机制，用于限制、记录和隔离进程组的资源（CPU、内存、磁盘I/O等）。

安装 `cgroups` 工具

sudo apt-get update
sudo apt-get install cgroup-tools

创建一个新的控制组

sudo cgcreate -g memory:/mygroup

设置内存限制

echo "100M" | sudo tee /sys/fs/cgroup/memory/mygroup/memory.limit_in_bytes

将进程添加到控制组

sudo cgclassify -g memory:mygroup <pid>

2. 使用 `systemd` 的 `slice`

systemd 提供了 slice 概念，可以用来隔离一组服务的资源。

创建一个新的 slice

sudo systemctl isolate myslice.slice

配置 slice 资源限制

编辑 /etc/systemd/system/myslice.slice 文件，添加资源限制配置：

[Slice]
MemoryLimit=100M
CPUQuota=50%

然后重新加载 systemd 配置并重启 slice：

sudo systemctl daemon-reload
sudo systemctl restart myslice.slice

3. 使用 `Docker`

Docker 是一个流行的容器化平台，可以用来隔离进程及其资源。

安装 Docker

sudo apt-get update
sudo apt-get install docker.io

运行一个容器

sudo docker run -it --memory="100m" --cpus="1.0" ubuntu:latest /bin/bash

4. 使用 `LXC`（Linux Containers）

LXC 是一种轻量级的虚拟化技术，可以用来隔离进程。

安装 LXC

sudo apt-get update
sudo apt-get install lxc

创建一个新的容器

sudo lxc-create -t download -n mycontainer -d ubuntu -- --dist ubuntu-bionic64

启动容器

sudo lxc-start -n mycontainer

设置资源限制

编辑容器的配置文件 /var/lib/lxc/mycontainer/config，添加资源限制配置：

lxc.cgroup.devices.allow = a
lxc.mount.auto = proc:rw sys:rw
lxc.mount.auto = devpts:rw
lxc.mount.auto = tmpfs:rw
lxc.mount.auto = tmpfs:ro
lxc.mount.auto = tmpfs:suid
lxc.mount.auto = tmpfs:exec
lxc.mount.auto = tmpfs:dev
lxc.mount.auto = tmpfs:mnt
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto = tmpfs:sbin
lxc.mount.auto = tmpfs:bin
lxc.mount.auto = tmpfs:devpts
lxc.mount.auto = tmpfs:sysfs
lxc.mount.auto = tmpfs:proc
lxc.mount.auto = tmpfs:run
lxc.mount.auto = tmpfs:lock
lxc.mount.auto = tmpfs:ipc
lxc.mount.auto = tmpfs:usr
lxc.mount.auto = tmpfs:opt
lxc.mount.auto = tmpfs:srv
lxc.mount.auto = tmpfs:home
lxc.mount.auto = tmpfs:root
lxc.mount.auto = tmpfs:boot
lxc.mount.auto = tmpfs:etc
lxc.mount.auto = tmpfs:var
lxc.mount.auto = tmpfs:lib
lxc.mount.auto = tmpfs:lib64
lxc.mount.auto = tmpfs:usr/local
lxc.mount.auto

0 赞

0 踩

1. 使用 cgroups（控制组）

安装 cgroups 工具