Remove support for deprecated kernel memory limit#50989
Merged
thaJeztah merged 2 commits intomoby:masterfrom Sep 17, 2025
Merged
Remove support for deprecated kernel memory limit#50989thaJeztah merged 2 commits intomoby:masterfrom
thaJeztah merged 2 commits intomoby:masterfrom
Conversation
kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4], producing a `ENOTSUP` in kernel v5.16. Support for this option was removed in runc and other runtimes, as various LTS kernels contained a broken implementation, resulting in unpredictable behavior. We deprecated this option in [moby/moby@b8ca7de], producing a warning when used, and actively ignore the option since [moby/moby@0798f5f]. Given that setting this option had no effect in most situations, we should just remove this option instead of continuing to handle it with the expectation that a runtime may still support it. Note that we still support RHEL 8 (kernel 4.18) and RHEL 9 (kernel 5.14). We no longer build packages for Ubuntu 20.04 (kernel 5.4) and Debian Bullseye 11 (kernel 5.10), which still have an LTS / ESM programme, but for those it would only impact situations where a runtime is used that still supports it, and an old API version was used. [kernel v5.4]: torvalds/linux@0158115f702b0ba208ab0 [moby/moby@b8ca7de]: moby@b8ca7de [moby/moby@0798f5f]: moby@0798f5f Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This option is no longer supported by runc, and is deprecated in the kernel. We removed support for this feature from all API versions, so it's better to also amend the docs for older API versions. [kernel v5.4]: torvalds/linux@0158115f702b0ba208ab0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
commented
Sep 16, 2025
| // KernelMemory specifies the kernel memory limit (in bytes) for the container. | ||
| // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes. | ||
| KernelMemory int64 `json:",omitempty"` | ||
| KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes) |
Member
Author
There was a problem hiding this comment.
FWIW; we should also deprecate the KernelMemoryTCP; there originally was some back-and-forth if this should also be considered deprecated by the kernel, but all info I found looks to now be pointing to that being the case. runc already removed support for it; opencontainers/runc#3174, and the OCI marked it as deprecated; opencontainers/runtime-spec#1093
I'll create a tracking ticket for a follow-up
- edit: done: Deprecate / remove KernelMemoryTCP #50990
AkihiroSuda
approved these changes
Sep 17, 2025
Member
Author
|
Thx! I'll bring this one in, and have a look at the follow-up for |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
relates to:
memory.kmem.tcp.limit_in_bytesstill be supported? opencontainers/runc#3174remove support for deprecated kernel memory limit
kernel-memory limits are not supported in cgroups v2, and were obsoleted in kernel v5.4, producing a
ENOTSUPin kernel v5.16. Support for this option was removed in runc and other runtimes, as various LTS kernels contained a broken implementation, resulting in unpredictable behavior.We deprecated this option in moby@b8ca7de, producing a warning when used, and actively ignore the option since moby@0798f5f.
Given that setting this option had no effect in most situations, we should just remove this option instead of continuing to handle it with the expectation that a runtime may still support it.
Note that we still support RHEL 8 (kernel 4.18) and RHEL 9 (kernel 5.14). We no longer build packages for Ubuntu 20.04 (kernel 5.4) and Debian Bullseye 11 (kernel 5.10), which still have an LTS / ESM programme, but for those it would only impact situations where a runtime is used that still supports it, and an old API version was used.
api/docs: remove KernelMemory option from old API versions
This option is no longer supported by runc, and is deprecated in the kernel.
We removed support for this feature from all API versions, so it's better
to also amend the docs for older API versions.
- What I did
- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)