Pivotal Knowledge Base


Garden FIM Compatibility issue "Cannot set limits on the memory cgroup"


Pivotal Cloud Foundry (PCF) Deployments 1.11 and above with the File Integrity Monitoring (FIM) add-on deployed to Diego cells. 


This article is about the PCF configurations where the File Integrity Monitoring (FIM) add-on deployed to Diego cells. 

CF pushing an app fails and prints:

"cannot set limits on the memory cgroup, as the container has not joined it"

This was originally discovered and reported by the Diego team (https://github.com/cloudfoundry/garden-runc-release/issues/74)


FIM colocated alongside Garden has a rare compatibility issue. FIM will make system resources (cgroups) temporarily unavailable to garden during FIM's startup. If Garden happens to create a container during this time, it will fail with the above message.


Subsequent CF pushes won't fail for the same reason after a few seconds. This because a few seconds is more than enough time for FIM to remount the cgroups.

We're not aware of this ever occurring in production, it was self-discovered by Diego. FIM is doing work to prevent this problem from occurring in future versions of FIM.


Powered by Zendesk