Cgroups

Privileged access to Cgroups

Cgroups can be accessed with various tools:

  • Systemd directives to set limits for services and slices.
  • Through the cgroup filesystem.
  • Through libcgroup binaries like cgcreate, cgexec and cgclassify.
  • The Rules engine daemon to automatically move certain users/groups/commands to groups (/etc/cgrules.conf and cgconfig.service).
  • Through other software like LXC.

Unprivileged access to Cgroups

Unprivileged users can divide resources using cgroups v2. The memory and pids controllers are supported out of the box; cpu and io require delegation.

  • To delegate cgroup resources, add the Delegate systemd property in a drop-in file and reboot:
# /etc/systemd/system/user@1000.service.d/delegate.conf
[Service]
Delegate=cpu cpuset io
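
To confirm the delegation took effect after the reboot, compare the controllers listed in the user manager's cgroup.controllers file with the ones requested in the drop-in. The script below is an added example, not part of the original page; the function names are hypothetical, and the cgroup path assumes the default systemd layout on the unified (v2) hierarchy.

```shell
#!/bin/sh
# Added example (not from the original page): verify which cgroup v2
# controllers are delegated to a user's systemd manager.

# Print the wanted controllers that are absent from a cgroup.controllers
# file. Returns 0 if none are missing, 1 if some are, 2 if unreadable.
missing_controllers() {
    file=$1; shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    have=" $(tr '\n' ' ' < "$file") "
    missing=""
    for c in "$@"; do
        case "$have" in
            *" $c "*) ;;   # whole-word match, so "cpu" does not match "cpuset"
            *) missing="${missing:+$missing }$c" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Assumption: default systemd layout on the unified (v2) hierarchy.
user_controllers_file() {
    printf '/sys/fs/cgroup/user.slice/user-%s.slice/user@%s.service/cgroup.controllers\n' "$1" "$1"
}

# Check the real system for a UID (default: the current user).
check_user_delegation() {
    uid=${1:-$(id -u)}
    if m=$(missing_controllers "$(user_controllers_file "$uid")" cpu cpuset io); then
        echo "uid $uid: cpu, cpuset and io are delegated"
    else
        echo "uid $uid: not delegated: ${m:-unknown}"; return 1
    fi
}

# Constructed sample: a user cgroup before the drop-in takes effect.
demo=$(mktemp)
echo "memory pids" > "$demo"
if m=$(missing_controllers "$demo" cpu cpuset io); then :; else
    echo "sample is missing: $m"
fi
rm -f "$demo"
```

On a live system, run `check_user_delegation 1000` to test the UID used in the drop-in path above.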