New qubes user question/issue: firewall VM consuming unexpected amount of RAM
已查看 67 次
跳至第一个未读帖子
Jane Jok
2016年6月18日 17:01:162016/6/18
收件人 qubes-users
Hello!
I'm new to Qubes, but I did a fair stab at reading the docs and googling for stuff about firewall-vm
My question is thus:
is it normal for Firewall VM consume 1.5-1.8 GB RAM (after clean install, this is my first startup) ?
is there a way to reduce RAM consumption?
(I have just 4 GB ram on this box, and spending 1.5 GB on nothing but a firewall is a bit... unpleasant)
I'm new to Qubes, but I did a fair stab at reading the docs and googling for stuff about firewall-vm
My question is thus:
is it normal for Firewall VM consume 1.5-1.8 GB RAM (after clean install, this is my first startup) ?
is there a way to reduce RAM consumption?
(I have just 4 GB ram on this box, and spending 1.5 GB on nothing but a firewall is a bit... unpleasant)
J. Eppler
2016年6月18日 18:29:252016/6/18
收件人 qubes-users
Hello,
all VM's in Qubes consume a large amount of memory by default. You can restrict your firewall VM to 1 GB or less.
You can restrict the memory consummtion under 'Right click -> VM Settings -> Advanced' to Max. Memory ~1024 MB or less.
There is also a Unikernel solution. Unikernels are special purpose operating systems. Thomas Leonard created a Unikernel firewall for Qubes OS which runs perfectly fine with 30 MB of RAM.
You will find resources on how to do it here:
https://github.com/talex5/qubes-mirage-firewall
http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
Best regards
J. Eppler
all VM's in Qubes consume a large amount of memory by default. You can restrict your firewall VM to 1 GB or less.
You can restrict the memory consummtion under 'Right click -> VM Settings -> Advanced' to Max. Memory ~1024 MB or less.
There is also a Unikernel solution. Unikernels are special purpose operating systems. Thomas Leonard created a Unikernel firewall for Qubes OS which runs perfectly fine with 30 MB of RAM.
You will find resources on how to do it here:
https://github.com/talex5/qubes-mirage-firewall
http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
Best regards
J. Eppler
Alex
2016年6月18日 18:34:032016/6/18
收件人 Jane Jok、qubes-users
Certainly doesn't sound normal. Is this consistent, or did the next reboot return RAM usage to normal levels? In latter case I'd open a terminal in the firewallVM and use top -sc to see what's consuming all this memory.
Andrew David Wong
2016年6月19日 09:54:072016/6/19
收件人 Jane Jok、qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
You're probably just seeing the Qubes memory manager (qmemman) in
action. It automatically distributes all available memory across all
currently running VMs (including dom0). This is intended behavior. If
you start another VM or run a program in a VM that requires more
memory, it will dynamically adjust and reallocate the memory as
needed. It's recommended to let qmemman handle this rather than trying
to manipulate memory allocation manually.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXZqP4AAoJENtN07w5UDAwTHYP/1YYu1uK42EFtW9oNO0SPM55
VH7Lx/b/vjnZvMH/xKjg48dzXNLPS85e4LFud6TqVv+L6EDhtgalCRq0fHzc2Wre
cByMD8qYVq+biJ2XXqX20s6l9WoO7QJvBIxr02aIE8HLe6CCSpV3s/uFIWQcUI5C
beWzcTMnJQxcYRwSQzPydYQ/RJ6DNlOHlgllZyt5OHjD61OiMDniCnxFQJnVxEli
XZuJF4/Pxc+D0ZTWBwM5vkzBEwApgN7v7BKHSu3ODeVxMiQHAWicPP0TmMcFD9fL
XdNrRUlwK7/l+XLB3I7ldtQa/RFk5dMQr5YddCIL1kZ8uMKezEsTFePARvFiSxXl
9BWW2HW8kXeRbSswZ+CExJPpYGOto3h45LtHd19nzss9GnCxcPpTPV6JgPx1LOVc
fj4USVMGohs4oU1e3CdO5UsrDre3cub5JX5WTNxhSTwh8jkxN6RT3dnh/oOicZ9i
lHphMkUvDJ5uMgBvmDB15jMw3PjwTHq9mPLbuUKvT8IE6faZlx1LXJyJR+E3y/zW
IIR2t63tPtmuhwVw5SPttDTu3Nj/a2xKkrvas4noSvZNfF0RaZ0tBOclK0WPRR+X
LB0lf349jMAscXMJNpX5dnTnCzo7Ja3O9JYKPSaz4vR1CPoVU7h+54jOF/zXlhx9
0wGc9R+Ovy060AqDdPzA
=Paja
-----END PGP SIGNATURE-----
Hash: SHA512
action. It automatically distributes all available memory across all
currently running VMs (including dom0). This is intended behavior. If
you start another VM or run a program in a VM that requires more
memory, it will dynamically adjust and reallocate the memory as
needed. It's recommended to let qmemman handle this rather than trying
to manipulate memory allocation manually.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXZqP4AAoJENtN07w5UDAwTHYP/1YYu1uK42EFtW9oNO0SPM55
VH7Lx/b/vjnZvMH/xKjg48dzXNLPS85e4LFud6TqVv+L6EDhtgalCRq0fHzc2Wre
cByMD8qYVq+biJ2XXqX20s6l9WoO7QJvBIxr02aIE8HLe6CCSpV3s/uFIWQcUI5C
beWzcTMnJQxcYRwSQzPydYQ/RJ6DNlOHlgllZyt5OHjD61OiMDniCnxFQJnVxEli
XZuJF4/Pxc+D0ZTWBwM5vkzBEwApgN7v7BKHSu3ODeVxMiQHAWicPP0TmMcFD9fL
XdNrRUlwK7/l+XLB3I7ldtQa/RFk5dMQr5YddCIL1kZ8uMKezEsTFePARvFiSxXl
9BWW2HW8kXeRbSswZ+CExJPpYGOto3h45LtHd19nzss9GnCxcPpTPV6JgPx1LOVc
fj4USVMGohs4oU1e3CdO5UsrDre3cub5JX5WTNxhSTwh8jkxN6RT3dnh/oOicZ9i
lHphMkUvDJ5uMgBvmDB15jMw3PjwTHq9mPLbuUKvT8IE6faZlx1LXJyJR+E3y/zW
IIR2t63tPtmuhwVw5SPttDTu3Nj/a2xKkrvas4noSvZNfF0RaZ0tBOclK0WPRR+X
LB0lf349jMAscXMJNpX5dnTnCzo7Ja3O9JYKPSaz4vR1CPoVU7h+54jOF/zXlhx9
0wGc9R+Ovy060AqDdPzA
=Paja
-----END PGP SIGNATURE-----
Jane Jok
2016年6月20日 11:33:312016/6/20
收件人 qubes-users、summo...@gmail.com
Thank you Andrew!
It looks like it was indeed a memory balancing thing, so no reason for concern, I guess.
Franz
2016年6月20日 11:55:522016/6/20
收件人 J. Eppler、qubes-users
Seems interesting thanks, sometimes I wondered if there was any way to reduce the burden to have all these sysVMs always working.
But for most people, me included, changing a firewall without fully understanding it may be dangerous. We are dealing with some core element of Qubes security.
But for most people, me included, changing a firewall without fully understanding it may be dangerous. We are dealing with some core element of Qubes security.
So better to wait for some official, pre-installed and supported version of it, if any.
Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18e5e0a6-8dfd-49ab-974e-3447b3b71ea0%40googlegroups.com.
回复全部
回复作者
转发
0 个新帖子