mirror of https://github.com/mkerrisk/man-pages
cgroup_namespaces.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
89cbd279f4
commit
4074913747
|
|
@ -29,14 +29,14 @@ cgroup_namespaces \- overview of Linux cgroup namespaces
|
|||
.SH DESCRIPTION
|
||||
For an overview of namespaces, see
|
||||
.BR namespaces (7).
|
||||
|
||||
.PP
|
||||
Cgroup namespaces virtualize the view of a process's cgroups (see
|
||||
.BR cgroups (7))
|
||||
as seen via
|
||||
.IR /proc/[pid]/cgroup
|
||||
and
|
||||
.IR /proc/[pid]/mountinfo .
|
||||
|
||||
.PP
|
||||
Each cgroup namespace has its own set of cgroup root directories.
|
||||
These root directories are the base points for the relative
|
||||
locations displayed in the corresponding records in the
|
||||
|
|
@ -53,7 +53,7 @@ cgroups directories become the cgroup root directories
|
|||
of the new namespace.
|
||||
(This applies both for the cgroups version 1 hierarchies
|
||||
and the cgroups version 2 unified hierarchy.)
|
||||
|
||||
.PP
|
||||
When viewing
|
||||
.IR /proc/[pid]/cgroup ,
|
||||
the pathname shown in the third field of each record will be
|
||||
|
|
@ -64,13 +64,13 @@ the root directory of the reading process's cgroup namespace,
|
|||
then the pathname will show
|
||||
.I ../
|
||||
entries for each ancestor level in the cgroup hierarchy.
|
||||
|
||||
.PP
|
||||
The following shell session demonstrates the effect of creating
|
||||
a new cgroup namespace.
|
||||
First, (as superuser) we create a child cgroup in the
|
||||
.I freezer
|
||||
hierarchy, and put the shell into that cgroup:
|
||||
|
||||
.PP
|
||||
.nf
|
||||
.in +4n
|
||||
# \fBmkdir \-p /sys/fs/cgroup/freezer/sub\fP
|
||||
|
|
@ -81,17 +81,17 @@ hierarchy, and put the shell into that cgroup:
|
|||
7:freezer:/sub
|
||||
.in
|
||||
.fi
|
||||
|
||||
.PP
|
||||
Next, we use
|
||||
.BR unshare (1)
|
||||
to create a process running a new shell in new cgroup and mount namespaces:
|
||||
|
||||
.PP
|
||||
.nf
|
||||
.in +4n
|
||||
# \fBunshare \-Cm bash\fP
|
||||
.in
|
||||
.fi
|
||||
|
||||
.PP
|
||||
We then inspect the
|
||||
.IR /proc/[pid]/cgroup
|
||||
files of, respectively, the new shell process started by the
|
||||
|
|
@ -100,7 +100,7 @@ command, a process that is in the original cgroup namespace
|
|||
.RI ( init ,
|
||||
with PID 1), and a process in a sibling cgroup
|
||||
.RI ( sub2 ):
|
||||
|
||||
.PP
|
||||
.nf
|
||||
.in +4n
|
||||
$ \fBcat /proc/self/cgroup | grep freezer\fP
|
||||
|
|
@ -129,14 +129,14 @@ Thus, the new shell's cgroup membership is displayed as \(aq/\(aq.)
|
|||
However, when we look in
|
||||
.IR /proc/self/mountinfo
|
||||
we see the following anomaly:
|
||||
|
||||
.PP
|
||||
.nf
|
||||
.in +4n
|
||||
# \fBcat /proc/self/mountinfo | grep freezer\fP
|
||||
155 145 0:32 /.. /sys/fs/cgroup/freezer ...
|
||||
.in
|
||||
.fi
|
||||
|
||||
.PP
|
||||
The fourth field of this line
|
||||
.RI ( /.. )
|
||||
should show the
|
||||
|
|
@ -150,7 +150,7 @@ filesystem corresponding to our initial shell process's cgroup namespace
|
|||
.IR sub ).
|
||||
We need to remount the freezer cgroup filesystem
|
||||
inside this cgroup namespace, after which we see the expected results:
|
||||
|
||||
.PP
|
||||
.nf
|
||||
.in +4n
|
||||
# \fBmount \-\-make\-rslave /\fP # Don't propagate mount events
|
||||
|
|
@ -161,7 +161,7 @@ inside this cgroup namespace, after which we see the expected results:
|
|||
155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ...
|
||||
.in
|
||||
.fi
|
||||
|
||||
.PP
|
||||
Use of cgroup namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_CGROUPS
|
||||
option.
|
||||
|
|
|
|||
Loading…
Reference in New Issue