systemd provides a powerful tool,
systemd-run which can constrain how many system resources an application started by it can use. It can limit (non-exhaustive list) use of CPU, memory and disk. However, this powerful too is too complicated to use on the command line. A wrapper is required to make it easily accessible. Use case: running resource intensive tasks (such as backups, compression) without making the system (almost) unusable by the load generated by that task.
limit-low design goals:
- Do one thing and do it well.
- The one thing is to be a wrapper that limits system resources for wrapped
- Support being run as:
- in shell or script in pipes
- stdout, stderr, stdin interactive shell input/output
- graphical (GUI) applications
- Being as non-intrusive as possible. For example, not adding extraneous
output to stdout such as
“Running scope as unit: run-r0d607a8f35dc4dea909b830f9d922b99.scope”.
limit-low is a around
systemd-run parameters to run an
application with limited system resources.
systemd-run itself is using Linux
systemd upstream feature request:
To start graphical (GUI) applications such as Tor Browser it requires installation of package
dbus-user-session. The (non-)security impact of this is being discussed here: dbus - user vs system session.
sudo apt update sudo apt install dbus-user-session
Depending on the outcome of that discussion,
dbus-user-session will be installed by default in Kicksecure and Whonix or perhaps
systemd-run can be run with different parameters such as
--scope not requiring
--scope as alternative works but systemd tells:
--pty/--pipeis not compatible in timer or
Which would break
limit-low design goals.