Vminitd: Write cgroup limits (#322)

Fixes #320

Today we don't actually setup any cgroup limits, as because there's a
1-1 mapping from container<->vm we can just use the VMs resources as the
limit (can't use more than 1GB if that's all the guest sees :) ).
However, if we ever supported > 1 container in the guest it'd be
necessary to actually setup the cg limits. This change just sets a
memory limit and cpu toggles to match whatever was specific for the
container.

Author: dcantah

Sources/Containerization/LinuxContainer.swift

@@ -467,6 +467,19 @@ public final class LinuxContainer: Container, Sendable {
         // Linux toggles.
         spec.linux?.sysctl = config.sysctl
 
+        // Resource limits.
+        // CPU: quota/period model where period is 100ms (100,000µs) and quota is cpus * period
+        // Memory: limit in bytes
+        spec.linux?.resources = LinuxResources(
+            memory: LinuxMemory(
+                limit: Int64(config.memoryInBytes)
+            ),
+            cpu: LinuxCPU(
+                quota: Int64(config.cpus * 100_000),
+                period: 100_000
+            )
+        )
+
         return spec
     }
 

Sources/ContainerizationOCI/Spec.swift

@@ -470,15 +470,15 @@ public struct LinuxCPU: Codable, Sendable {
     public var idle: Int64?
 
     public init(
-        shares: UInt64?,
-        quota: Int64?,
-        burst: UInt64?,
-        period: UInt64?,
-        realtimeRuntime: Int64?,
-        realtimePeriod: Int64?,
-        cpus: String,
-        mems: String,
-        idle: Int64?
+        shares: UInt64? = nil,
+        quota: Int64? = nil,
+        burst: UInt64? = nil,
+        period: UInt64? = nil,
+        realtimeRuntime: Int64? = nil,
+        realtimePeriod: Int64? = nil,
+        cpus: String = "",
+        mems: String = "",
+        idle: Int64? = nil
     ) {
         self.shares = shares
         self.quota = quota