Limit CPU and Memory for the Firefox and Chrome web browsers on a Linux desktop

Ramesh Sahoo
5 min read · Mar 3, 2022

The Google Chrome and Firefox web browsers use a lot of memory and CPU when multiple tabs are open. It is not practical to limit ourselves to a certain number of tabs, but we can limit the resources these browsers use and make sure they don’t cross the assigned limit.

Using systemd’s transient scope units, one can allocate a certain amount of memory and CPU shares to the Firefox and Chrome web browsers. Only the superuser (root) is allowed to create transient units, so the user or group that wants this feature must first be granted permission.

Add the following polkit rule to the file /etc/polkit-1/rules.d/60-systemd-manage.rules. The rule allows the user ‘test’ to manage systemd units without authentication. Replace the username with the one you want.

// Allow the user "test" to manage systemd units.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.user == "test") {
        return polkit.Result.YES;
    }
});

Alternatively, a group of users can be granted the same privileges with a small modification to the same rule. Make sure the user is a member of the ‘admin’ group.

// Allow every member of the "admin" group to manage systemd units.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("admin")) {
        return polkit.Result.YES;
    }
});

Now log in to the test user account and validate that the user can start and stop systemd services.

$ systemctl restart sshd
[test@localhost ~]$ systemd-run --scope sleep 30
Running scope as unit run-2845.scope.

Now modify the GNOME launcher file of Firefox or Chrome in the /usr/share/applications directory. Change the Exec parameter as shown below to set a 5G memory limit and a limit of 200 CPU cycles for Firefox and Chrome. Generally, 1024 CPU cycles is equivalent to 1 CPU. Giving 2048 CPU cycles would allow Chrome and Firefox to use two CPUs if required.

Firefox:
/usr/share/applications/firefox.desktop
From:
Exec=/home/test/firefox/firefox %u

To:
Exec=systemd-run --scope -p CPUShares=200 -p MemoryLimit=5G /home/test/firefox/firefox %u

Chrome:
/usr/share/applications/google-chrome.desktop
From:
#Exec=/usr/bin/google-chrome-stable %U

To:
Exec=systemd-run --scope -p CPUShares=200 -p MemoryLimit=5G /usr/bin/google-chrome-stable %U
Exec=systemd-run --scope -p CPUShares=200 -p MemoryLimit=5G /usr/bin/google-chrome-stable
Exec=systemd-run --scope -p CPUShares=200 -p MemoryLimit=5G /usr/bin/google-chrome-stable --incognito
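
An added example, not part of the original article: rather than editing the packaged launchers in place (a package update can overwrite them), this writes a wrapped copy into a per-user applications directory such as ~/.local/share/applications, which the desktop reads ahead of /usr/share/applications. The helper name wrap_launcher and the sample launcher are constructed for illustration; the systemd-run options are the article's.

```shell
#!/usr/bin/env bash
# Limits are the article's values; override through the environment.
CPU_SHARES="${CPU_SHARES:-200}"
MEMORY_LIMIT="${MEMORY_LIMIT:-5G}"

# wrap_launcher SRC DEST_DIR   (hypothetical helper, not a systemd tool)
# Writes a copy of launcher SRC into DEST_DIR with each Exec= line prefixed
# by the systemd-run wrapper, and prints the path written. Lines that are
# already wrapped are kept as they are, so a second run changes nothing.
wrap_launcher() {
    local src="$1"
    local dest_dir="$2"
    local wrapper="systemd-run --scope -p CPUShares=${CPU_SHARES} -p MemoryLimit=${MEMORY_LIMIT}"
    local out
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    out="$dest_dir/$(basename "$src")"
    # Match the Exec key only at line start, so TryExec= is never touched.
    awk -v w="$wrapper" '
        /^Exec=systemd-run / { print; next }
        /^Exec=/             { print "Exec=" w " " substr($0, 6); next }
                             { print }
    ' "$src" > "$out.tmp" || return 1
    mv "$out.tmp" "$out" || return 1
    printf '%s\n' "$out"
}

# Dry run on a constructed sample launcher (not a real packaged file).
demo() {
    local tmp
    tmp="$(mktemp -d)" || return 1
    cat > "$tmp/google-chrome.desktop" <<'EOF'
[Desktop Entry]
Name=Google Chrome
TryExec=/usr/bin/google-chrome-stable
Exec=/usr/bin/google-chrome-stable %U

[Desktop Action new-private-window]
Exec=/usr/bin/google-chrome-stable --incognito
EOF
    cat "$(wrap_launcher "$tmp/google-chrome.desktop" "$tmp/applications")"
    rm -rf "$tmp"
}

# Real use, as the desktop user:
#   wrap_launcher /usr/share/applications/firefox.desktop "$HOME/.local/share/applications"
```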

Now log out of the GNOME session and log back in to validate the feature.

Test Result

⌊~⌋»# systemctl list-units --type scope
UNIT LOAD ACTIVE SUB DESCRIPTION
run-14110.scope loaded active running /home/test/firefox/firefox
run-7265.scope loaded active running /usr/bin/google-chrome-stable


⌊~⌋»# systemctl status run-14110.scope
● run-14110.scope - /home/test/firefox/firefox
Loaded: loaded (/run/systemd/system/run-14110.scope; static; vendor preset: disabled)
Drop-In: /run/systemd/system/run-14110.scope.d
└─50-CPUShares.conf, 50-Description.conf, 50-MemoryLimit.conf
Active: active (running) since Wed 2022-03-02 23:22:17 IST; 1min 4s ago
Tasks: 220
Memory: 455.4M (limit: 5.0G)
CGroup: /system.slice/run-14110.scope
├─14110 /home/test/firefox/firefox
├─14199 /home/test/firefox/firefox-bin -contentproc -parentBuildID 20220216172458 -prefsLen 1 -prefMapSize 258917 -appDir /home/test/firefox/browser 14110 true socket
├─14231 /home/test/firefox/firefox-bin -contentproc -childID 1 -isForBrowser -prefsLen 65 -prefMapSize 258917 -jsInitLen 279340 -parentBuildID 20220216172458 -appDir /home/test/firefox/browser ...
├─14281 /home/test/firefox/firefox-bin -contentproc -childID 2 -isForBrowser -prefsLen 4947 -prefMapSize 258917 -jsInitLen 279340 -parentBuildID 20220216172458 -appDir /home/test/firefox/browse...
├─14344 /home/test/firefox/firefox-bin -contentproc -childID 3 -isForBrowser -prefsLen 5669 -prefMapSize 258917 -jsInitLen 279340 -parentBuildID 20220216172458 -appDir /home/test/firefox/browse...
├─14346 /home/test/firefox/firefox-bin -contentproc -childID 4 -isForBrowser -prefsLen 5669 -prefMapSize 258917 -jsInitLen 279340 -parentBuildID 20220216172458 -appDir /home/test/firefox/browse...
└─14361 /home/test/firefox/firefox-bin -contentproc -childID 5 -isForBrowser -prefsLen 5669 -prefMapSize 258917 -jsInitLen 279340 -parentBuildID 20220216172458 -appDir /home/test/firefox/browse...


⌊~⌋»# systemctl status run-7265.scope
● run-7265.scope - /usr/bin/google-chrome-stable
Loaded: loaded (/run/systemd/system/run-7265.scope; static; vendor preset: disabled)
Drop-In: /run/systemd/system/run-7265.scope.d
└─50-CPUShares.conf, 50-Description.conf, 50-MemoryLimit.conf
Active: active (running) since Wed 2022-03-02 18:36:24 IST; 4h 47min ago
Tasks: 245
Memory: 1.1G (limit: 5.0G)
CGroup: /system.slice/run-7265.scope
├─ 7265 /opt/google/chrome/chrome --enable-crashpad
├─ 7273 cat
├─ 7274 cat
├─ 7276 /opt/google/chrome/chrome_crashpad_handler --monitor-self --monitor-self-annotation=ptype=crashpad-handler --database=/home/test/.config/google-chrome/Crash Reports --metrics-dir=/home/rs...
├─ 7278 /opt/google/chrome/chrome_crashpad_handler --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler --database=/home/test/.config/google-chrome/Crash Reports --url=https://cli...
├─ 7284 /opt/google/chrome/chrome --type=zygote --no-zygote-sandbox --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --change-stack-guard-...
├─ 7287 /opt/google/chrome/chrome --type=zygote --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --change-stack-guard-on-fork=enable --ena...
├─ 7288 /opt/google/chrome/nacl_helper
├─ 7291 /opt/google/chrome/chrome --type=zygote --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --change-stack-guard-on-fork=enable --ena...
├─ 7312 /opt/google/chrome/chrome --type=gpu-process --field-trial-handle=16974115564418688475,6173061062995461587,131072 --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c...
├─ 7314 /opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=16974115564418688475,6173061062995461587,131072 --lang=en-US --service-sandbox-...
├─ 7317 /opt/google/chrome/chrome --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=16974115564418688475,6173061062995461587,131072 --lang=en-US --service-sandbox-...
├─ 7478 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --extension-process --display-capture-p...
├─ 7498 /opt/google/chrome/chrome --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=16974115564418688475,6173061062995461587,131072 --lang=en-US --service-sandbox-type...
├─ 8653 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─ 9114 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─ 9137 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─12906 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─12941 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13155 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13195 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13215 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13250 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13266 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
├─13483 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...
└─13548 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=7276 --enable-crash-reporter=42d6c93e-3ccf-41c3-bb8f-91bb21b2f56f, --display-capture-permissions-policy-al...

Now execute the systemd-cgtop command to monitor the resource utilization of the Firefox and Chrome browsers.
