diff --git a/man7/cgroup_namespaces.7 b/man7/cgroup_namespaces.7 index b86cb9fcb..bb3d832ca 100644 --- a/man7/cgroup_namespaces.7 +++ b/man7/cgroup_namespaces.7 @@ -29,14 +29,14 @@ cgroup_namespaces \- overview of Linux cgroup namespaces .SH DESCRIPTION For an overview of namespaces, see .BR namespaces (7). - +.PP Cgroup namespaces virtualize the view of a process's cgroups (see .BR cgroups (7)) as seen via .IR /proc/[pid]/cgroup and .IR /proc/[pid]/mountinfo . - +.PP Each cgroup namespace has its own set of cgroup root directories. These root directories are the base points for the relative locations displayed in the corresponding records in the @@ -53,7 +53,7 @@ cgroups directories become the cgroup root directories of the new namespace. (This applies both for the cgroups version 1 hierarchies and the cgroups version 2 unified hierarchy.) - +.PP When viewing .IR /proc/[pid]/cgroup , the pathname shown in the third field of each record will be @@ -64,13 +64,13 @@ the root directory of the reading process's cgroup namespace, then the pathname will show .I ../ entries for each ancestor level in the cgroup hierarchy. - +.PP The following shell session demonstrates the effect of creating a new cgroup namespace. First, (as superuser) we create a child cgroup in the .I freezer hierarchy, and put the shell into that cgroup: - +.PP .nf .in +4n # \fBmkdir \-p /sys/fs/cgroup/freezer/sub\fP @@ -81,17 +81,17 @@ hierarchy, and put the shell into that cgroup: 7:freezer:/sub .in .fi - +.PP Next, we use .BR unshare (1) to create a process running a new shell in new cgroup and mount namespaces: - +.PP .nf .in +4n # \fBunshare \-Cm bash\fP .in .fi - +.PP We then inspect the .IR /proc/[pid]/cgroup files of, respectively, the new shell process started by the @@ -100,7 +100,7 @@ command, a process that is in the original cgroup namespace .RI ( init , with PID 1), and a process in a sibling cgroup .RI ( sub2 ): - +.PP .nf .in +4n $ \fBcat /proc/self/cgroup | grep freezer\fP @@ -129,14 +129,14 @@ Thus, the new shell's cgroup membership is displayed as \(aq/\(aq.) However, when we look in .IR /proc/self/mountinfo we see the following anomaly: - +.PP .nf .in +4n # \fBcat /proc/self/mountinfo | grep freezer\fP 155 145 0:32 /.. /sys/fs/cgroup/freezer ... .in .fi - +.PP The fourth field of this line .RI ( /.. ) should show the @@ -150,7 +150,7 @@ filesystem corresponding to our initial shell process's cgroup namespace .IR sub ). We need to remount the freezer cgroup filesystem inside this cgroup namespace, after which we see the expected results: - +.PP .nf .in +4n # \fBmount \-\-make\-rslave /\fP # Don't propagate mount events @@ -161,7 +161,7 @@ inside this cgroup namespace, after which we see the expected results: 155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ... .in .fi - +.PP Use of cgroup namespaces requires a kernel that is configured with the .B CONFIG_CGROUPS option.