| `--kernel-memory` | The maximum amount of kernel memory the container can use. The minimum allowed value is `6m`. Because kernel memory can't be swapped out, a container which is starved of kernel memory may block host machine resources, which can have side effects on the host machine and on other containers. See [`--kernel-memory` details](#--kernel-memory-details). |
| `--oom-kill-disable` | By default, if an out-of-memory (OOM) error occurs, the kernel kills processes in a container. To change this behavior, use the `--oom-kill-disable` option. Only disable the OOM killer on containers where you have also set the `-m/--memory` option. If the `-m` flag isn't set, the host can run out of memory and the kernel may need to kill the host system's processes to free memory. |
For more information about cgroups and memory in general, see the documentation
for [Memory Resource Controller](https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt).
### `--memory-swap` details
`--memory-swap` is a modifier flag that only has meaning if `--memory` is also
set. Using swap allows the container to write excess memory requirements to disk
when the container has exhausted all the RAM that's available to it. There is a
performance penalty for applications that swap memory to disk often.
Its setting can have complicated effects:
- If `--memory-swap` is set to a positive integer, then both `--memory` and
`--memory-swap` must be set. `--memory-swap` represents the total amount of
memory and swap that can be used, and `--memory` controls the amount used by
non-swap memory. So if `--memory="300m"` and `--memory-swap="1g"`, the
container can use 300m of memory and 700m (`1g - 300m`) swap.
- If `--memory-swap` is set to `0`, the setting is ignored, and the value is
treated as unset.
- If `--memory-swap` is set to the same value as `--memory`, and `--memory` is
set to a positive integer, **the container doesn't have access to swap**.
See
[Prevent a container from using swap](#prevent-a-container-from-using-swap).
- If `--memory-swap` is unset, and `--memory` is set, the container can use
as much swap as the `--memory` setting, if the host container has swap
memory configured. For instance, if `--memory="300m"` and `--memory-swap` is
not set, the container can use 600m in total of memory and swap.
- If `--memory-swap` is explicitly set to `-1`, the container is allowed to use
unlimited swap, up to the amount available on the host system.
- Inside the container, tools like `free` report the host's available swap, not what's available inside the container. Don't rely on the output of `free` or similar tools to determine whether swap is present.
#### Prevent a container from using swap
If `--memory` and `--memory-swap` are set to the same value, this prevents
containers from using any swap. This is because `--memory-swap` is the amount of
combined memory and swap that can be used, while `--memory` is only the amount
of physical memory that can be used.
### `--memory-swappiness` details
- A value of 0 turns off anonymous page swapping.
- A value of 100 sets all anonymous pages as swappable.
- By default, if you don't set `--memory-swappiness`, the value is
inherited from the host machine.
### `--kernel-memory` details
Kernel memory limits are expressed in terms of the overall memory allocated to
a container. Consider the following scenarios:
- **Unlimited memory, unlimited kernel memory**: This is the default
behavior.
- **Unlimited memory, limited kernel memory**: This is appropriate when the
amount of memory needed by all cgroups is greater than the amount of
memory that actually exists on the host machine. You can configure the
kernel memory to never go over what's available on the host machine,
and containers which need more memory need to wait for it.
- **Limited memory, unlimited kernel memory**: The overall memory is
limited, but the kernel memory isn't.