@jpmens does not have an effect (app can allocate more than 2G), or "free doesn't show it"? I recall in the past the tools needed support for cgroups to show limits properly.
@jpmens
bash-5.1# cat /sys/fs/cgroup/memory.max
2147483648
bash-5.1# grep MemTotal /proc/meminfo
MemTotal: 32283904 kB
That's how it looks like here
@jpmens AFAIR free does not show the limit, because it is enforced by cgroups. However, for example the JVM or the golang memory manager have support for cgroups to figure out the actual amount of available/granted memory (and I guess others as well).
Not exactly intuitive but I guess it is how it is (same with Docker).
@jpmens oops, too slow. Did not see the other reply until just now.
@jpmens but I see no resemblance of that (memory.max) in any of the facts Ansible reports :(
@zhenech @jpmens AFAIK there's no non-hacky way to make /proc/meminfo report the cgroup-limited amount of memory available. Basically cgroup limits (on memory, CPU, etc) are invisible unless you specifically look, so it's easy to blow stuff up if you have a program that looks at eg total native CPU count.
(The terrible hack would be a systemd mount namespace of some sort and using it to bind mount a text file on /proc/meminfo. I think this'd be 'BindReadOnlyPaths=...'.)
@jpmens @cks well, there is https://linuxcontainers.org/lxcfs/introduction/ which *should* be able to do what you want, but I have no idea if it interacts well with podman
@jpmens @cks
user@debian12:~$ free -m
total used free shared buff/cache available
Mem: 5925 361 5342 2 454 5563
user@debian12:~$ podman run -ti --rm --memory 2G --mount type=bind,source=/var/lib/lxcfs/proc,destination=/proc centos:stream9
# free -m
total used free shared buff/cache available
Mem: 2048 3 1976 0 67 2044
@jpmens and you got blogged :)
https://www.die-welt.net/2025/06/using-lxcfs-together-with-podman/
@jpmens did you limit CPUs with --cpus, or just dropped it from the motd template?