@ -251,7 +251,27 @@ To add a new worker you need to do a few steps:
## Sandboxes
## Sandboxes
TODO
### Isolate
Isolate is used as one and only sandbox for linux-based operating systems. Headquarters of this project can be found at [https://github.com/ioi/isolate](https://github.com/ioi/isolate) and more of its installation and setup can be found in [Installation](#installation) section.
// TODO: further desc
#### Limit isolate boxes to particular cpu or memory node
New feature in isolate is possibility of limit isolate box to one or more cpu or memory node. This functionality is provided by cpusets kernel mechanism and is now integrated in isolate. It is allowed to set only `cpuset.cpus` and `cpuset.mems` which should be just fine for sandbox purposes. As kernel functionality further description can be found in manual page of cpuset or in linux documentation in section `linux/Documentation/cgroups/cpusets.txt`. As previously stated this settings can be applied for particular isolate boxes and has to be written in isolate configuration. Standard configuration path should be `/usr/local/etc/isolate` but it may depend on your installation process. Configuration of cpuset in there is really simple and is described in example below.
```
box0.cpus = 0 # assign processor with id 0 to isolate box with id 0
box0.mems = 0 # assign memory node with id 0
# if not set linux by itself will decide where should sandboxed program run
box2.cpus = 1-3 # assign range of processors to isolate box with id 2
box2.mems = 4-7 # assign range of memory nodes
box3.cpus = 1,2,3 # assign list of processors to isolate box with id 3
```
**cpuset.cpus:** Cpus limitation will restrict sandboxed program only to processor threads set in configuration. On hyperthreaded processors this means that all virtual threads are assignable not only the physical ones. Value can be represented by single one, list of values separated by commas or range with hyphen delimiter.
**cpuset.mems:** This value is particularly handy on NUMA systems which has several memory nodes. On standard desktop computers this value should always be zero because only one independent memory node is present. As stated in `cpus` limitation there can be single value, list of values separated by comma or range stated with hyphen.
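Review bot: the heading `## Sandboxes` is emitted twice in a row, and the `TODO` line plus the `// TODO: further desc` placeholder would land in the rendered documentation; drop the duplicate heading and either write the missing description or remove the placeholders before merging. The cpuset paragraph should also state under which conditions the per-box `cpus`/`mems` keys actually take effect (cpusets are a control-group mechanism, so say whether the box has to be run in cgroup mode for the limits to apply), and "Standard configuration path should be `/usr/local/etc/isolate` but it may depend on your installation process" would be more useful as a pointer to where that path is chosen (it is fixed when isolate is built), so readers know where to look rather than guessing. Minor wording fixes while here: "possibility of limit isolate box" -> "the possibility of limiting an isolate box", "this settings can be applied" -> "these settings can be applied", "NUMA systems which has" -> "NUMA systems which have".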