From 47577cadac3fa66deca9b9abbb898ae7ec5481fd Mon Sep 17 00:00:00 2001
From: Danny Canter <danny_canter@apple.com>
Date: Fri, 9 Jan 2026 11:34:04 -0800
Subject: [PATCH] LinuxContainer: Give a bit of overhead memory

The guest agent isn't free, and today we were sizing the VMs
memory allotment and the containers cgroup to the same value.
This change gives some overhead memory to the VM (50MB for now)
for the guest agent.
---
 Sources/Containerization/LinuxContainer.swift | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/Sources/Containerization/LinuxContainer.swift b/Sources/Containerization/LinuxContainer.swift
index 206d4236..f3b72eee 100644
--- a/Sources/Containerization/LinuxContainer.swift
+++ b/Sources/Containerization/LinuxContainer.swift
@@ -404,9 +404,22 @@ extension LinuxContainer {
             var modifiedRootfs = self.rootfs
             modifiedRootfs.options.removeAll(where: { $0 == "ro" })
 
+            // Calculate VM memory with overhead for the guest agent.
+            // The container cgroup limit stays at the requested memory, but the VM
+            // gets an additional 50MB for the guest agent (could be higher, could be lower
+            // but this is a decent baseline for now).
+            //
+            // Clamp to system RAM if the total would exceed it as Virtualization.framework
+            // bounds us to this.
+            let guestAgentOverhead: UInt64 = 50.mib()
+            let vmMemory = min(
+                self.memoryInBytes + guestAgentOverhead,
+                ProcessInfo.processInfo.physicalMemory
+            )
+
             let vmConfig = VMConfiguration(
                 cpus: self.cpus,
-                memoryInBytes: self.memoryInBytes,
+                memoryInBytes: vmMemory,
                 interfaces: self.interfaces,
                 mountsByID: [self.id: [modifiedRootfs] + self.config.mounts],
                 bootLog: self.config.bootLog,