OS: CachyOS (Arch-based Linux Distro)
Docker Version: 28.1.1
Cgroup Driver: systemd
Cgroup Version: 2
Why isn't the JVM running inside the container picking the memory limits as I would expect? If I run
docker run --rm -m 1gb public.ecr.aws/amazoncorretto/amazoncorretto:24 java -XshowSettings:vm -version
This is the result:
VM settings:
Max. Heap Size (Estimated): 15.68G
Using VM: OpenJDK 64-Bit Server VM
openjdk version "24.0.1" 2025-04-15
OpenJDK Runtime Environment Corretto-24.0.1.9.1 (build 24.0.1+9-FR)
OpenJDK 64-Bit Server VM Corretto-24.0.1.9.1 (build 24.0.1+9-FR, mixed mode, sharing)
16GB of RAM (25% of my host) is being presented to my container or the JVM somehow isn't picking up the restrictions.
With this command I would expect to see at most 250MB of Max Heap Size, but the restrictions are not working.
Any idea on how to fix it?
After testing on an AWS EC2 instance, it worked as expected:
[ec2-user@ip-172-31-47-20 ~]$ docker run --rm -m 1gb public.ecr.aws/amazoncorretto/amazoncorretto:24 java -XshowSettings:vm -version
VM settings:
Max. Heap Size (Estimated): 247.50M
Using VM: OpenJDK 64-Bit Server VM
openjdk version "24.0.1" 2025-04-15
OpenJDK Runtime Environment Corretto-24.0.1.9.1 (build 24.0.1+9-FR)
OpenJDK 64-Bit Server VM Corretto-24.0.1.9.1 (build 24.0.1+9-FR, mixed mode, sharing)
I really don't understand why it does not work on my personal computer. My best guess is that it is some limitation of the Distro I'm using or something wrong with my Docker installation or something wrong with my cgroup configurations.
Adding -Xlog:os+container=trace outputs this:
docker run --rm -m 1g public.ecr.aws/amazoncorretto/amazoncorretto:24 java -Xlog:os+container=trace -XshowSettings:vm -version
[0.003s][trace][os,container] OSContainer::init: Initializing Container Support
[0.003s][debug][os,container] Detected optional pids controller entry in /proc/cgroups
[0.003s][debug][os,container] controller cpuset is not enabled
[ ]
[0.003s][debug][os,container] controller memory is not enabled
[ ]
[0.003s][debug][os,container] One or more required controllers disabled at kernel level.
VM settings:
Max. Heap Size (Estimated): 15.68G
Using VM: OpenJDK 64-Bit Server VM
openjdk version "24.0.1" 2025-04-15
OpenJDK Runtime Environment Corretto-24.0.1.9.1 (build 24.0.1+9-FR)
OpenJDK 64-Bit Server VM Corretto-24.0.1.9.1 (build 24.0.1+9-FR, mixed mode, sharing)
Well, this might be a hint. The cgroups memory controller is not enabled (maybe something related to systemd controllers???)
You are affected by the JVM bug JDK-8347811.
In short, JVM uses /proc/cgroups to find available cgroup controllers, even though it is deprecated in cgroup v2.
Linux Kernel 6.12 includes a change that makes /proc/cgroups no longer usable for this purpose, causing "controller is not enabled" errors in JVM logs.
The bug has been fixed in JDK 25.
A workaround suggested here is to rebuild kernel with CONFIG_CPUSETS_V1=y.
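A way to check a host for the condition the trace log shows, written as an added example that is not part of the original question or answer: it compares the legacy /proc/cgroups table with the cgroup v2 list in /sys/fs/cgroup/cgroup.controllers for the two controllers the log names. The function names are hypothetical and the sample files are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post). Compares two kernel views of
# cgroup controllers: the legacy /proc/cgroups table and the cgroup v2
# cgroup.controllers list. Paths are arguments so saved copies work too.

# Print 1 if controller $1 has a row with enabled=1 in the
# /proc/cgroups-format file $2, otherwise print 0.
in_proc_cgroups() {
    awk -v c="$1" '$1 == c && $4 == 1 { found = 1 } END { print found + 0 }' "$2"
}

# Print 1 if controller $1 is listed in the cgroup.controllers-format
# file $2 (one space-separated line), otherwise print 0.
in_v2_controllers() {
    if tr ' ' '\n' < "$2" | grep -qx "$1"; then echo 1; else echo 0; fi
}

# $1 = /proc/cgroups-format file, $2 = cgroup.controllers-format file.
# Print "mismatch" if memory or cpuset is available in cgroup v2 but has no
# enabled row in /proc/cgroups; otherwise print "consistent".
controller_view() {
    view=consistent
    for c in memory cpuset; do
        if [ "$(in_v2_controllers "$c" "$2")" = 1 ] &&
           [ "$(in_proc_cgroups "$c" "$1")" = 0 ]; then
            view=mismatch
        fi
    done
    echo "$view"
}

# Write constructed sample files into directory $1:
# proc_new lacks the cpuset and memory rows, proc_old still has them.
write_samples() {
    printf '#subsys_name\thierarchy\tnum_cgroups\tenabled\n' > "$1/proc_new"
    printf 'cpu\t0\t120\t1\npids\t0\t120\t1\n' >> "$1/proc_new"
    cp "$1/proc_new" "$1/proc_old"
    printf 'cpuset\t0\t120\t1\nmemory\t0\t120\t1\n' >> "$1/proc_old"
    printf 'cpuset cpu io memory pids\n' > "$1/controllers"
}

# Live check, only when both files are readable (cgroup v2 host).
if [ -r /proc/cgroups ] && [ -r /sys/fs/cgroup/cgroup.controllers ]; then
    controller_view /proc/cgroups /sys/fs/cgroup/cgroup.controllers
fi
```

A "mismatch" result on the Docker host means a JVM that reads /proc/cgroups will not see the memory limit set with -m, so the heap should be checked with -XshowSettings:vm as in the question.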