> Tangent, but the 2nd point is intriguing. How does one use cgroups to set up resource limitations? Is there any kind of decent front-end? I've seen the kernel documentation, but how do I use it?
That looks interesting for some use-cases, but I don't see a way to use it to assign limits to users, or to processes that aren't started as systemd services. What I have in mind is that I give someone ssh access, they run R or matlab or from the command line, but limited to 512mb (or 1Gb or whatever) of total memory.
On RHEL systems you can use the 'cgred' service to classify processes based on the user running it or the command itself. For example, say you have user X who always logs in and runs rsync commands and saturates the link. You can automatically classify this user or rsync process into a cgroup that throttles the network IP (or in your use case, memory) -- problem solved.
Use systemd: http://0pointer.de/blog/projects/resources.html
Systemd makes these kernel features finally usable.