I was led here after wondering why --memory-swap seemingly had no effect from Docker. --memory is effectively useless without --memory-swap; users on this platform are unable to enforce memory limits.

Docker container configuration:

$ docker inspect container | jq '.[0].HostConfig.Memory'
25165824
$ docker inspect container | jq '.[0].HostConfig.MemorySwap'
25165824

containerd container configuration:

# ctr --namespace moby c info container-id | jq .Spec.linux.resources.memory
{
  "limit": 25165824,
  "swap": 25165824
}

Generated systemd slice configuration:

# systemctl show docker-container-id.scope | awk -F = '$1 ~ /Memory.*Max/'
MemoryMax=25165824
MemorySwapMax=infinity

Here are some relevant knobs from the cgroup:

# cat memory.swap.max
max

# cat memory.current memory.swap.current
22798336
218423296

I would expect memory.swap.max to read zero on cgroups v2. (swap - limit)

I am using containerd 1.4.13~ds1 from Debian stable. I know this is old, but it would appear as though NewSystemd, as it exists on trunk today, is missing the required functionality.

$ docker info
[...]
 Server Version: 20.10.5+dfsg1
[...]
 Cgroup Driver: systemd
 Cgroup Version: 2

$ docker version
[...]
Server:
 Engine:
  Version:          20.10.5+dfsg1
  Git commit:       363e9a8
  [...]
 containerd:
  Version:          1.4.13~ds1
  GitCommit:        1.4.13~ds1-1~deb11u2

Sorry, perhaps I filed under the wrong component. This function may have nothing to do with my problem. I'll move to a Debian bug. Maybe the distro maintainer knows more about how this is supposed to work.