2016-04-24 17:49:13 +00:00
|
|
|
.\" Copyright (C) 2015 Serge Hallyn <serge@hallyn.com>
|
2016-04-25 07:55:02 +00:00
|
|
|
.\" and Copyright (C) 2016 Michael Kerrisk <mtk.manpages@gmail.com>
|
2016-04-24 17:49:13 +00:00
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
|
ldd.1, localedef.1, add_key.2, chroot.2, clone.2, fork.2, futex.2, get_mempolicy.2, get_robust_list.2, getitimer.2, getpriority.2, ioctl.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kcmp.2, kill.2, lookup_dcookie.2, mmap.2, mount.2, open.2, pciconfig_read.2, perf_event_open.2, prctl.2, process_vm_readv.2, ptrace.2, quotactl.2, recv.2, setfsgid.2, setfsuid.2, sysinfo.2, umask.2, umount.2, unshare.2, utimensat.2, wait.2, assert.3, fmax.3, fmin.3, getauxval.3, inet_pton.3, malloc_hook.3, memmem.3, mkdtemp.3, mktemp.3, printf.3, strcasecmp.3, strcat.3, strtoul.3, strxfrm.3, console_codes.4, console_ioctl.4, lirc.4, tty.4, vcs.4, charmap.5, elf.5, locale.5, proc.5, repertoiremap.5, utmp.5, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, credentials.7, feature_test_macros.7, iso_8859-1.7, iso_8859-15.7, iso_8859-5.7, koi8-r.7, koi8-u.7, man-pages.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, unix.7, user_namespaces.7, utf-8.7: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-17 16:07:58 +00:00
|
|
|
.TH CGROUPS 7 2016-07-17 "Linux" "Linux Programmer's Manual"
|
2016-04-24 18:26:50 +00:00
|
|
|
.SH NAME
|
|
|
|
cgroups \- Linux control groups
|
|
|
|
.SH DESCRIPTION
|
|
|
|
Control cgroups, usually referred to as cgroups,
|
|
|
|
are a Linux kernel feature which provides for grouping of tasks and
|
|
|
|
resource tracking and limitations for those groups.
|
2016-04-24 17:39:04 +00:00
|
|
|
While several systems have been introduced to help in configuring and
|
|
|
|
managing cgroups, the kernel's cgroup interface is provided through
|
2016-04-24 18:26:50 +00:00
|
|
|
a pseudo-filesystem called cgroupfs.
|
|
|
|
Task grouping is implemented in the core cgroup kernel code,
|
|
|
|
while resource tracking and limits are implemented in
|
|
|
|
a set of per-resource-type subsystems (memory, CPU, and so on) which may be
|
2016-04-24 17:39:04 +00:00
|
|
|
enabled as separate hierarchies, or joined into comounted hierarchies.
|
2016-04-24 18:26:50 +00:00
|
|
|
|
|
|
|
Each hierarchy constitutes a separate mount of the cgroup filesystem,
|
2016-04-24 17:39:04 +00:00
|
|
|
with the subsystems enabled in that hierarchy listed in the mount options.
|
2016-04-24 18:26:50 +00:00
|
|
|
For each mounted hierarchy,
|
|
|
|
the directory tree mirrors the control group hierarchy.
|
2016-04-24 17:39:04 +00:00
|
|
|
Each control group is represented by a directory, with each of its child
|
|
|
|
control cgroups represented as a child directory.
|
2016-04-24 18:26:50 +00:00
|
|
|
For instance,
|
|
|
|
.IR /user/joe/1.session
|
|
|
|
represents control group
|
|
|
|
.IR 1.session ,
|
|
|
|
which is a child of cgroup
|
|
|
|
.IR joe ,
|
|
|
|
which is a child of
|
|
|
|
.IR /user .
|
|
|
|
Under each cgroup directory is a set of files which can be read or
|
2016-04-24 17:39:04 +00:00
|
|
|
written to, reflecting resource limits and a few general cgroup
|
|
|
|
properties.
|
|
|
|
|
2016-04-24 18:26:50 +00:00
|
|
|
In general, cgroup limits are hierarchical, meaning that the limits placed on
|
|
|
|
.IR /user/joe
|
|
|
|
cannot be exceeded by
|
|
|
|
.IR /usr/joe/1.session .
|
|
|
|
There are currently exceptions to this rule,
|
|
|
|
but stricter adherence is a goal as cgroups are being largely reworked.
|
|
|
|
|
2016-04-24 17:39:04 +00:00
|
|
|
In addition, cgroups can be mounted with no bound subsystem, in which case
|
2016-04-24 18:26:50 +00:00
|
|
|
they serve only to track processes.
|
|
|
|
An example of this is the
|
|
|
|
.I name=systemd
|
|
|
|
cgroup which is used by
|
|
|
|
.BR systemd (1)
|
|
|
|
to track services and user sessions.
|
|
|
|
.\"
|
2016-04-25 08:24:09 +00:00
|
|
|
.SS Terminology
|
|
|
|
A
|
|
|
|
.I cgroup
|
|
|
|
is a collection of processes that are bound to a set of
|
|
|
|
limits or parameters defined via the cgroup filesystem.
|
|
|
|
|
|
|
|
A
|
|
|
|
.I subsystem
|
|
|
|
is a kernel component that modifies the behavior of
|
|
|
|
the processes in a cgroup.
|
|
|
|
Various subsystems have been implemented, making it possible to do things
|
|
|
|
such as limiting the amount of CPU time and memory available to a cgroup,
|
|
|
|
accounting for the CPU time used by a cgroup,
|
|
|
|
and freezing and resuming execution of the processes in a cgroup.
|
|
|
|
Subsystems are sometimes also known as
|
|
|
|
.IR "resource controllers"
|
|
|
|
(or simply, controllers).
|
|
|
|
|
|
|
|
The cgroups for a subsystem are arranged in a
|
|
|
|
.IR hierarchy .
|
|
|
|
This hierarchy is defined by creating, removing, and
|
|
|
|
renaming subdirectories within the cgroup filesystem.
|
|
|
|
At each level of the hierarchy, attributes (e.g., limits) can be defined;
|
|
|
|
these attributes may govern or propagate
|
2016-05-11 19:16:28 +00:00
|
|
|
to child cgroups and their descendants in the hierarchy.
|
2016-04-25 08:24:09 +00:00
|
|
|
.\"
|
2016-04-25 07:55:02 +00:00
|
|
|
.SS Cgroups version 1 and version 2
|
|
|
|
The initial release of the cgroups implementation was in Linux 2.6.24.
|
2016-04-25 08:24:09 +00:00
|
|
|
Over time, various cgroup subsystems have been added
|
2016-04-25 07:55:02 +00:00
|
|
|
to allow the management of various types of resources.
|
|
|
|
However, the development of these subsystems was largely uncoordinated,
|
|
|
|
with the result that many inconsistencies arose between subsystems
|
|
|
|
and management of the cgroup hierarchies became rather complex.
|
|
|
|
(A longer description of these problems can be found in
|
|
|
|
the kernel source file
|
2016-04-25 11:09:01 +00:00
|
|
|
.IR Documentation/cgroup\-v2.txt .)
|
2016-04-25 07:55:02 +00:00
|
|
|
|
2016-06-20 12:03:42 +00:00
|
|
|
Because of the problems with the initial cgroups implementation
|
|
|
|
(cgroups version 1),
|
2016-04-25 07:55:02 +00:00
|
|
|
starting in Linux 3.10, work began on a new,
|
|
|
|
orthogonal implementation to remedy these problems.
|
|
|
|
Initially marked experimental, and hidden behind the
|
|
|
|
.I "\-o\ __DEVEL__sane_behavior"
|
|
|
|
mount option, the new version (cgroups version 2)
|
|
|
|
was eventually made official with the release of Linux 4.5.
|
|
|
|
Differences between the two versions are described in the text below.
|
|
|
|
|
|
|
|
Although cgroups v2 is intended as a replacement for cgroups v1,
|
|
|
|
the older system continues to exist
|
|
|
|
(and for compatibility reasons is unlikely to be removed).
|
|
|
|
Currently, cgroups v2 implements only a subset of the controllers
|
|
|
|
available in cgroups v1.
|
|
|
|
The two systems are implemented so that both v1 controllers and
|
|
|
|
v2 controllers can be mounted on the same system.
|
|
|
|
Thus, for example, it is possible to use those controllers
|
|
|
|
that are supported under version 2,
|
|
|
|
while also using version 1 controllers
|
|
|
|
where version 2 does not yet support those controllers.
|
|
|
|
.\"
|
2016-04-25 08:28:23 +00:00
|
|
|
.SS Tasks versus processes
|
|
|
|
In cgroups v1, a distinction is drawn between
|
|
|
|
.I processes
|
|
|
|
and
|
|
|
|
.IR tasks .
|
|
|
|
In this view, a process can consist of multiple tasks
|
|
|
|
(more commonly called threads, from a user-space perspective).
|
2016-07-27 12:33:30 +00:00
|
|
|
In cgroups v1, it is possible to independently manipulate
|
2016-04-25 08:28:23 +00:00
|
|
|
the cgroup memberships of the tasks in a process.
|
|
|
|
Because this ability caused certain problems,
|
|
|
|
.\" FIXME Add some text describing why this was a problem.
|
|
|
|
the ability to independently manipulate the cgroup memberships
|
|
|
|
of the tasks in a process has been removed in cgroups v2.
|
|
|
|
Cgroups v2 allows manipulation of cgroup membership only for processes
|
|
|
|
(which has the effect of changing the cgroup membership of
|
|
|
|
all tasks in the process).
|
|
|
|
.\"
|
2016-04-24 18:26:50 +00:00
|
|
|
.SS Mounting
|
2016-04-24 17:39:04 +00:00
|
|
|
To be available, a given cgroup subsystem must be compiled into the
|
2016-04-24 18:26:50 +00:00
|
|
|
kernel.
|
|
|
|
Since they are exposed through a virtual filesystem, subsystems
|
|
|
|
must be mounted before they can be controlled.
|
|
|
|
The usual place for this is under
|
2016-04-25 11:01:28 +00:00
|
|
|
.IR /sys/fs/cgroup .
|
2016-04-25 06:48:35 +00:00
|
|
|
If all the desired subsystems can be comounted,
|
2016-04-25 21:18:42 +00:00
|
|
|
then one can do so with the following command:
|
2016-04-24 17:39:04 +00:00
|
|
|
|
2016-04-25 11:09:01 +00:00
|
|
|
mount \-t cgroup \-o all cgroup /sys/fs/cgroup
|
2016-04-25 11:06:49 +00:00
|
|
|
|
|
|
|
(One can achieve the same result by omitting
|
2016-04-25 11:09:01 +00:00
|
|
|
.IR "\-o all" ,
|
2016-04-25 11:06:49 +00:00
|
|
|
since it is the default if subsystems are explicitly specified.)
|
2016-04-24 17:39:04 +00:00
|
|
|
|
|
|
|
If multiple, separately mounted subsystems are desired, then this is
|
2016-04-24 18:26:50 +00:00
|
|
|
usually done in per-subsystem subdirectories.
|
|
|
|
This requires first mounting a tmpfs under
|
|
|
|
.I /sys/fs/cgroup
|
|
|
|
so that subdirectories can be created.
|
|
|
|
For instance, one could mount
|
|
|
|
.IR cpu ,
|
|
|
|
.IR memory ,
|
|
|
|
and
|
|
|
|
.I devices
|
|
|
|
cgroups as follows:
|
|
|
|
|
|
|
|
.nf
|
|
|
|
.in +4n
|
2016-04-25 11:09:01 +00:00
|
|
|
mount \-t tmpfs \-o size=100000,mode=755 cgroups /sys/fs/cgroup
|
2016-04-24 18:26:50 +00:00
|
|
|
for s in cpu memory devices; do
|
|
|
|
mkdir /sys/fs/cgroup/$s
|
2016-04-25 11:09:01 +00:00
|
|
|
mount \-t cgroup \-o $s $s /sys/fs/cgroup/$s
|
2016-04-24 18:26:50 +00:00
|
|
|
done
|
|
|
|
.in
|
|
|
|
.fi
|
2016-04-24 17:39:04 +00:00
|
|
|
|
2016-04-25 06:48:35 +00:00
|
|
|
Comounting subsystems has the effect that a task is in the same cgroup for
|
|
|
|
all comounted subsystems.
|
2016-04-24 18:26:50 +00:00
|
|
|
Separately mounting subsystems allows a task to
|
|
|
|
be in cgroup
|
|
|
|
.I /foo1
|
|
|
|
for one subsystem while being in
|
|
|
|
.I /foo2/foo3
|
|
|
|
for another.
|
|
|
|
.\"
|
|
|
|
.SS Creating cgroups and moving tasks
|
2016-04-24 17:39:04 +00:00
|
|
|
The system begins with a single root cgroup (per hierarchy), '/', which all tasks belong to.
|
2016-04-24 18:26:50 +00:00
|
|
|
A new cgroup is created by creating a directory in the cgroup filesystem:
|
|
|
|
|
|
|
|
mkdir /sys/fs/cgroup/cpu/cg1
|
|
|
|
|
|
|
|
This creates a new empty cgroup.
|
|
|
|
Tasks may be moved to this cgroup by writing
|
|
|
|
their PIDs into the cgroup's
|
|
|
|
.I cgroup.procs
|
2016-05-09 21:40:11 +00:00
|
|
|
or
|
2016-04-24 18:26:50 +00:00
|
|
|
.I tasks
|
2016-04-25 22:05:36 +00:00
|
|
|
(deprecated)
|
2016-04-24 18:26:50 +00:00
|
|
|
file:
|
|
|
|
|
|
|
|
echo $$ > /sys/fs/cgroup/cpu/cg1/cgroup.procs
|
|
|
|
|
|
|
|
The same file can be read to obtain a list of the processes currently in
|
|
|
|
.IR cg1 .
|
|
|
|
By using the
|
|
|
|
.I cgroup.procs
|
|
|
|
file instead of the
|
|
|
|
.I tasks
|
|
|
|
file, all tasks in the
|
|
|
|
thread group are moved into the new cgroup at once.
|
|
|
|
|
|
|
|
On
|
|
|
|
.BR fork (2),
|
|
|
|
the new child is created as a member of the parent's cgroup,
|
|
|
|
leading to implicit grouping of process hierarchies.
|
2016-04-24 17:39:04 +00:00
|
|
|
|
|
|
|
Note: in the upcoming unified hierarchy, a new restriction is imposed such
|
2016-06-20 12:03:42 +00:00
|
|
|
that tasks may exist only in leaf cgroups.
|
2016-04-24 18:26:50 +00:00
|
|
|
For instance, if cgroup
|
|
|
|
.I /cg1/cg2
|
|
|
|
exists, then a task may exist in
|
|
|
|
.IR /cg1/cg2 ,
|
|
|
|
but not in
|
|
|
|
.IR /cg1 .
|
|
|
|
This is to avoid the current ambiguity in the delegation of resources
|
|
|
|
between tasks in
|
|
|
|
.I /cg1
|
|
|
|
and its child cgroups.
|
|
|
|
The recommended workaround is to create a subdirectory called
|
|
|
|
.I leaf
|
|
|
|
for any non-leaf cgroup which should contain tasks, and make sure not to
|
|
|
|
create child cgroups of it.
|
|
|
|
In the above example, tasks which previously would have gone into
|
|
|
|
.I /cg1
|
|
|
|
would now go into
|
|
|
|
.IR /cg1/leaf .
|
|
|
|
This has the advantage of making explicit the relationship between tasks in
|
|
|
|
.I /cg1/leaf
|
|
|
|
and
|
|
|
|
.IR /cg1 's
|
|
|
|
other children.
|
|
|
|
.\"
|
|
|
|
.SS Removing cgroups
|
|
|
|
To remove a cgroup, it must first have no child cgroups and contain no tasks.
|
2016-04-25 21:46:03 +00:00
|
|
|
So long as that is the case, one can simply
|
|
|
|
remove the corresponding directory pathname.
|
2016-04-25 21:48:42 +00:00
|
|
|
Note that files in a cgroup directory cannot and need not be
|
|
|
|
removed.
|
2016-04-24 18:26:50 +00:00
|
|
|
|
|
|
|
A special file in each cgroup hierarchy,
|
|
|
|
.IR release_agent ,
|
|
|
|
can be used to register a program to handle cgroups which become newly empty.
|
|
|
|
The program will be called each time a cgroup marked for
|
|
|
|
autoremove becomes empty and childless.
|
|
|
|
The cgroup path will be provided as the first command-line argument.
|
|
|
|
The cgroup must be marked as eligible for autoremove by writing '1' into its
|
|
|
|
.IR notify_on_release
|
|
|
|
file;
|
2016-04-24 17:39:04 +00:00
|
|
|
this value is inherited by newly created child cgroups.
|
|
|
|
|
2016-04-25 07:55:02 +00:00
|
|
|
A new feature in cgroups v2 is the
|
2016-04-24 18:26:50 +00:00
|
|
|
.I cgroup.populated
|
|
|
|
file.
|
|
|
|
This reads 0 if there are no tasks in the cgroup or its descendants,
|
|
|
|
and 1 otherwise.
|
|
|
|
It can be watched for changes using
|
|
|
|
.BR inotify (7).
|
|
|
|
This allows user-space applications to efficiently watch cgroups
|
|
|
|
for autoremove conditions.
|
|
|
|
.\"
|
2016-04-25 07:55:02 +00:00
|
|
|
.SS Cgroups version 2
|
|
|
|
In cgroups v2,
|
|
|
|
all mounted controllers reside in a single unified hierarchy.
|
|
|
|
While (different) controllers may be simultaneously
|
|
|
|
mounted under the v1 and v2 hierarchies,
|
|
|
|
it is not possible to mount the same controller simultaneously
|
|
|
|
under both the v1 and the v2 hierarchies.
|
2016-04-24 17:39:04 +00:00
|
|
|
|
2016-04-25 07:55:02 +00:00
|
|
|
The new behaviors in cgroups v2 are summarized below:
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP 3
|
|
|
|
1. Tasks only in leaf nodes
|
2016-06-20 12:03:42 +00:00
|
|
|
With the exception of the root cgroup, tasks may reside only in leaf nodes.
|
2016-04-24 17:39:04 +00:00
|
|
|
This avoids the need to decide how to partition resources between tasks which
|
|
|
|
are members of cgroup A and tasks in child cgroups of A.
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-24 17:39:04 +00:00
|
|
|
2. Active cgroups must be specified
|
2016-04-24 18:26:50 +00:00
|
|
|
The unified hierarchy presents two new files,
|
|
|
|
.IR cgroup.controllers
|
|
|
|
and
|
|
|
|
.IR cgroup.subtree_control .
|
|
|
|
When a cgroup
|
|
|
|
.I A/b
|
|
|
|
is created, its
|
|
|
|
.IR cgroup.controllers
|
2016-04-24 17:39:04 +00:00
|
|
|
file contains the list of controllers which were active in its parent, A.
|
2016-04-24 18:26:50 +00:00
|
|
|
This is the list of controllers which are available to this cgroup.
|
|
|
|
No controllers are active until they are enabled through the
|
|
|
|
.IR cgroup.subtree_control
|
2016-04-25 11:10:14 +00:00
|
|
|
file, by writing the list of space-delimited names of the controllers,
|
2016-04-25 11:09:01 +00:00
|
|
|
each preceded by '+' (to enable) or '\-' (to disable).
|
2016-04-24 18:26:50 +00:00
|
|
|
If the
|
|
|
|
.I freezer
|
|
|
|
controller is not enabled in
|
|
|
|
.IR /A/B ,
|
|
|
|
then it cannot be enabled in
|
|
|
|
.IR /A/B/C .
|
|
|
|
.TP
|
2016-04-24 17:39:04 +00:00
|
|
|
3. No "tasks" or "cgroup.clone_children" files
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-24 17:39:04 +00:00
|
|
|
4. Empty cgroup notification
|
2016-04-24 18:26:50 +00:00
|
|
|
A new file,
|
|
|
|
.IR cgroup.populated ,
|
|
|
|
under each cgroup contains '0' when the
|
|
|
|
cgroup is empty, and 1 when it is populated.
|
|
|
|
It therefore may be watched to detect when a cgroup becomes (non-)empty.
|
|
|
|
This replaces the original notify-on-release mechanism.
|
|
|
|
|
|
|
|
For more changes, please see the
|
|
|
|
.I Documentation/cgroups/unified-hierarchy
|
2016-04-24 17:39:04 +00:00
|
|
|
file in the kernel source.
|
2016-04-24 18:26:50 +00:00
|
|
|
.\"
|
2016-04-25 07:55:02 +00:00
|
|
|
.SS Cgroups version 1 subsystems
|
2016-04-25 09:14:51 +00:00
|
|
|
Each of the cgroups version 1 subsystems is governed
|
|
|
|
by a kernel configuration option (listed below).
|
|
|
|
Additionally, the availability of the cgroups feature is governed by the
|
|
|
|
.BR CONFIG_CGROUPS
|
|
|
|
kernel configuration option.
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR cpu " (since Linux 2.6.24; " \fBCONFIG_CGROUP_SCHED\fP )
|
2016-04-25 06:48:35 +00:00
|
|
|
Cgroups can be guaranteed a minimum number of "CPU shares"
|
2016-04-25 06:43:10 +00:00
|
|
|
when a system is busy.
|
|
|
|
This does not limit a cgroup's CPU usage if the CPUs are not busy.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/scheduler/sched\-bwc.txt .
|
2016-04-25 06:43:10 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR cpuacct " (since Linux 2.6.24; " \fBCONFIG_CGROUP_CPUACCT\fP )
|
2016-04-25 06:43:10 +00:00
|
|
|
This provides accounting for CPU usage by groups of tasks.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup\-v1/cpuacct.txt .
|
2016-04-25 06:43:10 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR cpuset " (since Linux 2.6.24; " \fBCONFIG_CPUSETS\fP )
|
2016-04-24 18:26:50 +00:00
|
|
|
This cgroup can be used to bind the tasks in a cgroup to
|
|
|
|
a specified set of CPUs and NUMA nodes.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup\-v1/cpusets.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR memory " (since Linux 2.6.25; " \fBCONFIG_MEMCG\fP )
|
2016-04-25 06:43:10 +00:00
|
|
|
The memory controller supports reporting and limiting of process memory, kernel
|
|
|
|
memory, and swap used by cgroups.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup\-v1/memory.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR devices " (since Linux 2.6.26; " \fBCONFIG_CGROUP_DEVICE\fP )
|
2016-04-24 17:39:04 +00:00
|
|
|
This supports controlling which tasks may create (mknod) devices as
|
2016-04-24 18:26:50 +00:00
|
|
|
well as open them for reading or writing.
|
|
|
|
The policies may be specified as whitelists and blacklists.
|
|
|
|
Hierarchy is enforced, so new rules must not
|
2016-04-24 17:39:04 +00:00
|
|
|
violate existing rules for the target or ancestor cgroups.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/devices.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR freezer " (since Linux 2.6.28; " \fBCONFIG_CGROUP_FREEZER\fP )
|
2016-04-24 18:26:50 +00:00
|
|
|
The
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR freezer
|
2016-04-24 18:26:50 +00:00
|
|
|
cgroup can suspend and restore (resume) all tasks in a cgroup.
|
|
|
|
Freezing a cgroup
|
|
|
|
.I /A
|
|
|
|
also causes its children, for example, tasks in
|
|
|
|
.IR /A/B ,
|
2016-04-24 17:39:04 +00:00
|
|
|
to be frozen.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/freezer-subsystem.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR net_cls " (since Linux 2.6.29; " \fBCONFIG_CGROUP_NET_CLASSID\fP )
|
2016-04-24 17:39:04 +00:00
|
|
|
This places a classid, specified for the cgroup, on network packets
|
2016-04-24 18:26:50 +00:00
|
|
|
created by a cgroup.
|
|
|
|
These classids can then be used in firewall rules,
|
|
|
|
as well as used to shape traffic using
|
|
|
|
.BR tc (8).
|
2016-06-20 12:03:42 +00:00
|
|
|
This applies only to packets
|
2016-04-24 17:39:04 +00:00
|
|
|
leaving the cgroup, not to traffic arriving at the cgroup.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
2016-04-28 07:43:48 +00:00
|
|
|
.IR Documentation/cgroup-v1/net_cls.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR blkio " (since Linux 2.6.33; " \fBCONFIG_BLK_CGROUP\fP )
|
2016-04-25 06:43:10 +00:00
|
|
|
The
|
|
|
|
.I blkio
|
2016-05-09 21:40:11 +00:00
|
|
|
cgroup controls and limits access to specified block devices by
|
2016-04-25 06:43:10 +00:00
|
|
|
applying IO control in the form of throttling and upper limits against leaf
|
|
|
|
nodes and intermediate nodes in the storage hierarchy.
|
|
|
|
|
|
|
|
Two policies are available.
|
|
|
|
The first is a proportional-weight time-based division
|
|
|
|
of disk implemented with CFQ.
|
|
|
|
This is in effect for leaf nodes using CFQ.
|
|
|
|
The second is a throttling policy which specifies
|
|
|
|
upper I/O rate limits on a device.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/blkio-controller.txt .
|
2016-04-25 06:43:10 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR perf_event " (since Linux 2.6.39; " \fBCONFIG_CGROUP_PERF\fP )
|
2016-04-25 07:55:02 +00:00
|
|
|
This controller allows
|
|
|
|
.I perf
|
|
|
|
monitoring of the set of processes grouped in a cgroup.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/perf-record.txt .
|
2016-04-25 06:43:10 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR net_prio " (since Linux 3.3; " \fBCONFIG_CGROUP_NET_PRIO\fP )
|
2016-04-24 18:26:50 +00:00
|
|
|
This allows priorities to be specified, per network interface, for cgroups.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/net_prio.txt .
|
2016-04-24 18:26:50 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR hugetlb " (since Linux 3.5; " \fBCONFIG_CGROUP_HUGETLB\fP )
|
2016-04-25 06:43:10 +00:00
|
|
|
This supports limiting the use of huge pages by cgroups.
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/hugetlb.txt .
|
2016-04-25 06:33:41 +00:00
|
|
|
.TP
|
2016-04-25 09:14:51 +00:00
|
|
|
.IR pids " (since Linux 4.3; " \fBCONFIG_CGROUP_PIDS\fP )
|
2016-04-25 06:33:41 +00:00
|
|
|
This controller permits limiting the number of process that may be created
|
|
|
|
in a cgroup (and its descendants).
|
2016-04-26 06:27:38 +00:00
|
|
|
|
|
|
|
Further information can be found in the kernel source file
|
|
|
|
.IR Documentation/cgroup-v1/pids.txt .
|
2016-10-02 13:49:25 +00:00
|
|
|
.\"
|
2016-04-28 06:10:29 +00:00
|
|
|
.SS /proc files
|
|
|
|
.TP
|
2016-04-28 07:22:52 +00:00
|
|
|
.IR /proc/cgroups " (since Linux 2.6.24)"
|
2016-04-28 18:17:50 +00:00
|
|
|
This file contains information about the controllers
|
2016-10-02 13:49:25 +00:00
|
|
|
that are compiled into the kernel.
|
2016-04-28 07:22:52 +00:00
|
|
|
An example of the contents of this file (reformatted for readability)
|
|
|
|
is the following:
|
|
|
|
|
|
|
|
.nf
|
|
|
|
.in +4n
|
|
|
|
#subsys_name hierarchy num_cgroups enabled
|
|
|
|
cpuset 4 1 1
|
|
|
|
cpu 8 1 1
|
|
|
|
cpuacct 8 1 1
|
|
|
|
blkio 6 1 1
|
|
|
|
memory 3 1 1
|
|
|
|
devices 10 84 1
|
|
|
|
freezer 7 1 1
|
|
|
|
net_cls 9 1 1
|
|
|
|
perf_event 5 1 1
|
|
|
|
net_prio 9 1 1
|
|
|
|
hugetlb 0 1 0
|
|
|
|
pids 2 1 1
|
|
|
|
.in
|
|
|
|
.fi
|
|
|
|
|
|
|
|
The fields in this file are, from left to right:
|
|
|
|
.RS
|
|
|
|
.IP 1. 3
|
|
|
|
The name of the controller.
|
|
|
|
.IP 2.
|
2016-04-28 18:17:50 +00:00
|
|
|
The unique ID of the cgroup hierarchy on which this controller is mounted.
|
2016-04-28 19:01:33 +00:00
|
|
|
If multiple cgroups v1 controllers are bound to the same hierarchy,
|
2016-04-28 07:22:52 +00:00
|
|
|
then each will show the same hierarchy ID in this field.
|
2016-04-28 18:17:50 +00:00
|
|
|
The value in this field will be 0 if:
|
|
|
|
.RS 5
|
|
|
|
.IP a) 3
|
|
|
|
the controller is not mounted on a cgroups v1 hierarchy;
|
|
|
|
.IP b)
|
|
|
|
the controller is bound to the cgroups v2 single unified hierarchy; or
|
|
|
|
.IP c)
|
|
|
|
the controller is disabled (see below).
|
|
|
|
.RE
|
2016-04-28 07:22:52 +00:00
|
|
|
.IP 3.
|
|
|
|
The number of control groups in this hierarchy using this controller.
|
|
|
|
.IP 4.
|
|
|
|
This field contains the value 1 if this controller is enabled,
|
|
|
|
or 0 if it has been disabled (via the
|
|
|
|
.IR cgroup_disable
|
|
|
|
kernel command-line boot parameter).
|
|
|
|
.RE
|
|
|
|
.TP
|
2016-04-28 06:10:29 +00:00
|
|
|
.IR /proc/[pid]/cgroup " (since Linux 2.6.24)"
|
2016-04-28 18:22:06 +00:00
|
|
|
This file describes control groups to which the process
|
|
|
|
with the corresponding PID belongs.
|
2016-04-28 06:24:51 +00:00
|
|
|
The displayed information differs for
|
2016-04-28 19:09:36 +00:00
|
|
|
cgroups version 1 and version 2 hierarchies.
|
2016-04-28 06:24:51 +00:00
|
|
|
|
|
|
|
For each cgroup hierarchy of which the process is a member,
|
|
|
|
there is one entry containing three
|
2016-04-28 06:10:29 +00:00
|
|
|
colon-separated fields of the form:
|
2016-04-28 06:24:51 +00:00
|
|
|
|
|
|
|
hierarchy-ID:subsystem-list:cgroup-path
|
|
|
|
|
|
|
|
For example:
|
2016-04-28 06:10:29 +00:00
|
|
|
.nf
|
|
|
|
.ft CW
|
|
|
|
|
|
|
|
5:cpuacct,cpu,cpuset:/daemons
|
|
|
|
.ft
|
|
|
|
.fi
|
|
|
|
.IP
|
|
|
|
The colon-separated fields are, from left to right:
|
2016-04-28 06:24:51 +00:00
|
|
|
.RS
|
2016-04-28 06:10:29 +00:00
|
|
|
.IP 1. 3
|
2016-04-28 06:24:51 +00:00
|
|
|
For cgroups version 1 hierarchies,
|
|
|
|
this field contains a unique hierarchy ID number
|
|
|
|
that can be matched to a hierarchy ID in
|
|
|
|
.IR /proc/cgroups .
|
|
|
|
For the cgroups version 2 hierarchy, this field contains the value 0.
|
2016-04-28 06:10:29 +00:00
|
|
|
.IP 2.
|
2016-04-28 06:24:51 +00:00
|
|
|
For cgroups version 1 hierarchies,
|
|
|
|
this field contains a comma-separated list of the subsystems
|
|
|
|
bound to the hierarchy.
|
|
|
|
For the cgroups version 2 hierarchy, this field is empty.
|
2016-04-28 06:10:29 +00:00
|
|
|
.IP 3.
|
2016-04-28 06:24:51 +00:00
|
|
|
This field contains the pathname of the control group in the hierarchy
|
|
|
|
to which the process belongs.
|
|
|
|
This pathname is relative to the mount point of the hierarchy.
|
2016-04-28 06:10:29 +00:00
|
|
|
.RE
|
2016-06-28 04:32:23 +00:00
|
|
|
.SH ERRORS
|
|
|
|
The following errors can occur for
|
|
|
|
.BR mount (2):
|
|
|
|
.TP
|
|
|
|
.B EBUSY
|
|
|
|
An attempt to mount a cgroup version 1 filesystem specified neither the
|
|
|
|
.I name=
|
|
|
|
option (to mount a named hierarchy) nor a controller name (or
|
|
|
|
.IR all )
|
2016-04-24 18:52:27 +00:00
|
|
|
.SH SEE ALSO
|
2016-04-25 14:23:56 +00:00
|
|
|
.BR prlimit (1),
|
2016-04-28 07:41:06 +00:00
|
|
|
.BR systemd (1),
|
2016-04-26 12:34:18 +00:00
|
|
|
.BR clone (2),
|
2016-04-25 14:23:56 +00:00
|
|
|
.BR ioprio_set (2),
|
|
|
|
.BR perf_event_open (2),
|
|
|
|
.BR setrlimit (2),
|
2016-05-06 17:48:05 +00:00
|
|
|
.BR cgroup_namespaces (7),
|
2016-04-24 18:57:57 +00:00
|
|
|
.BR cpuset (7),
|
2016-04-25 14:23:56 +00:00
|
|
|
.BR namespaces (7),
|
|
|
|
.BR sched (7),
|
|
|
|
.BR user_namespaces (7)
|