How to limit lxc container cpu and memory (cgroup)?

Installing and Using OpenWrt
1

I want to soft limit cpu (80%) and hard limit memory to 2GB.
'free -h' in container always shows full memory. The limit doesn't work. Container is unprivileged.
Any idea how to get this working?

I've set this in lxc container 'config':

lxc.cgroup2.memory.max = 2048M

This is the host config:

$ cat /sys/fs/cgroup/cgroup.controllers
cpuset cpu io memory pids rdma

$ ll /sys/fs/cgroup
total 0
dr-xr-xr-x  9 root root   0 Sep 25  2024 .
drwxr-xr-x  6 root root   0 Sep 25  2024 ..
drwxr-xr-x  2 root root   0 Apr 20 19:24 lxc.monitor.ubuntu
drwxrwxr-x  6 root 100000 0 Apr 24 00:11 lxc.payload.ubuntu
drwxr-xr-x  2 root root   0 Apr 20 19:23 lxc.pivot
drwx------ 25 root root   0 Apr 23 23:52 services
dr-xr-xr-x  7 root root   0 Sep 25  2024 systemd
-r--r--r--  1 root root   0 Apr 20 19:24 cgroup.controllers
-rw-r--r--  1 root root   0 Apr 23 23:52 cgroup.max.depth
-rw-r--r--  1 root root   0 Apr 23 23:52 cgroup.max.descendants
-rw-r--r--  1 root root   0 Apr 23 23:52 cgroup.procs
-r--r--r--  1 root root   0 Apr 23 23:52 cgroup.stat
-rw-r--r--  1 root root   0 Apr 20 19:24 cgroup.subtree_control
-rw-r--r--  1 root root   0 Apr 20 19:24 cgroup.threads
-r--r--r--  1 root root   0 Apr 23 23:52 cpu.stat
-r--r--r--  1 root root   0 Apr 23 23:52 cpuset.cpus.effective
-r--r--r--  1 root root   0 Apr 23 23:52 cpuset.mems.effective
-r--r--r--  1 root root   0 Apr 23 23:52 io.stat
-r--r--r--  1 root root   0 Apr 23 23:52 memory.stat
2

So the available column is showing 0 or nearly so? Do processes die OOM constantly, or what symptoms are you seeing?

3

It shows this. I'm not sure though if it should show 2GB here at all (4GB is installed memory).

$ free -h
               total        used        free      shared  buff/cache   available
Mem:           3.7Gi       713Mi        83Mi       1.7Gi       2.9Gi       1.2Gi
Swap:             0B          0B          0B

I have a camera capturing software installed that saves round-robin into tmpfs (that's why buff/cache is so high). If i screw up settings when fiddling with 4k resolutions memory consumption might shoot up in the air resulting into locking up the whole system partially (OpenWrt routing still works but SSH access for example needs several minutes until it connects to kill lxc). Thus i want to hard limit LXC to be on the safe side.

I've noticed that cgroup legacy (/sys/fs/cgroup/systemd) is also mounted so i unmounted it manually.
https://github.com/openwrt/packages/issues/25424

In LXC (Ubuntu 22.04 Jammy) i've checked this:

$ cat /sys/fs/cgroup/memory.max
2147483648

So it looks like the LXC config lxc.cgroup2.memory.max seems to be in effect but i'm not sure if this is the correct setting.