sandbox: allow limiting the cpu usage

Author: pietroalbini

CHANGELOG.md

@@ -5,6 +5,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### Added
+
+- New method `SandboxBuilder::limit_cpu`
+
 ## [0.5.1] - 2020-01-31
 
 ### Fixed

src/cmd/sandbox.rs

@@ -121,6 +121,7 @@ pub struct SandboxBuilder {
     mounts: Vec<MountConfig>,
     env: Vec<(String, String)>,
     memory_limit: Option<usize>,
+    cpu_limit: Option<f32>,
     workdir: Option<String>,
     cmd: Vec<String>,
     enable_networking: bool,
@@ -134,6 +135,7 @@ impl SandboxBuilder {
             env: Vec::new(),
             workdir: None,
             memory_limit: None,
+            cpu_limit: None,
             cmd: Vec::new(),
             enable_networking: true,
         }
@@ -159,6 +161,17 @@ impl SandboxBuilder {
         self
     }
 
+    /// Enable or disable the sandbox's CPU limit. The value of the limit is the fraction of CPU
+    /// cores the sandbox is allowed to use.
+    ///
+    /// For example, on a 4-core machine, setting a CPU limit of `2.0` will only allow two of the
+    /// cores to be used, while a CPU limit of `0.5` will only allow half of a single CPU core to
+    /// be used.
+    pub fn cpu_limit(mut self, limit: Option<f32>) -> Self {
+        self.cpu_limit = limit;
+        self
+    }
+
     /// Enable or disable the sandbox's networking. When it's disabled processes inside the sandbox
     /// won't be able to reach network service on the Internet or the host machine.
     ///
@@ -215,6 +228,11 @@ impl SandboxBuilder {
             args.push(limit.to_string());
         }
 
+        if let Some(limit) = self.cpu_limit {
+            args.push("--cpus".into());
+            args.push(limit.to_string());
+        }
+
         if !self.enable_networking {
             args.push("--network".into());
             args.push("none".into());