]>
Commit | Line | Data |
---|---|---|
014cb63b | 1 | .\" Copyright (C) 2015 Serge Hallyn <serge@hallyn.com> |
4242dfbe | 2 | .\" and Copyright (C) 2016, 2017 Michael Kerrisk <mtk.manpages@gmail.com> |
014cb63b MK |
3 | .\" |
4 | .\" %%%LICENSE_START(VERBATIM) | |
5 | .\" Permission is granted to make and distribute verbatim copies of this | |
6 | .\" manual provided the copyright notice and this permission notice are | |
7 | .\" preserved on all copies. | |
8 | .\" | |
9 | .\" Permission is granted to copy and distribute modified versions of this | |
10 | .\" manual under the conditions for verbatim copying, provided that the | |
11 | .\" entire resulting derived work is distributed under the terms of a | |
12 | .\" permission notice identical to this one. | |
13 | .\" | |
14 | .\" Since the Linux kernel and libraries are constantly changing, this | |
15 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
16 | .\" responsibility for errors or omissions, or for damages resulting from | |
17 | .\" the use of the information contained herein. The author(s) may not | |
18 | .\" have taken the same level of care in the production of this manual, | |
19 | .\" which is licensed free of charge, as they might when working | |
20 | .\" professionally. | |
21 | .\" | |
22 | .\" Formatted or processed versions of this manual, if unaccompanied by | |
23 | .\" the source, must acknowledge the copyright and authors of this work. | |
24 | .\" %%%LICENSE_END | |
25 | .\" | |
4b8c67d9 | 26 | .TH CGROUPS 7 2017-09-15 "Linux" "Linux Programmer's Manual" |
21f0d132 MK |
27 | .SH NAME |
28 | cgroups \- Linux control groups | |
29 | .SH DESCRIPTION | |
30 | Control cgroups, usually referred to as cgroups, | |
a15e0673 | 31 | are a Linux kernel feature which allow processes to |
8bff7140 MK |
32 | be organized into hierarchical groups whose usage of |
33 | various types of resources can then be limited and monitored. | |
34 | The kernel's cgroup interface is provided through | |
21f0d132 | 35 | a pseudo-filesystem called cgroupfs. |
6398ca15 | 36 | Grouping is implemented in the core cgroup kernel code, |
21f0d132 | 37 | while resource tracking and limits are implemented in |
8bff7140 | 38 | a set of per-resource-type subsystems (memory, CPU, and so on). |
21f0d132 | 39 | .\" |
176a4211 MK |
40 | .SS Terminology |
41 | A | |
42 | .I cgroup | |
43 | is a collection of processes that are bound to a set of | |
44 | limits or parameters defined via the cgroup filesystem. | |
a721e8b2 | 45 | .PP |
176a4211 MK |
46 | A |
47 | .I subsystem | |
48 | is a kernel component that modifies the behavior of | |
49 | the processes in a cgroup. | |
50 | Various subsystems have been implemented, making it possible to do things | |
51 | such as limiting the amount of CPU time and memory available to a cgroup, | |
52 | accounting for the CPU time used by a cgroup, | |
53 | and freezing and resuming execution of the processes in a cgroup. | |
54 | Subsystems are sometimes also known as | |
55 | .IR "resource controllers" | |
56 | (or simply, controllers). | |
a721e8b2 | 57 | .PP |
55f52de8 | 58 | The cgroups for a controller are arranged in a |
176a4211 MK |
59 | .IR hierarchy . |
60 | This hierarchy is defined by creating, removing, and | |
61 | renaming subdirectories within the cgroup filesystem. | |
8fc9db1e MK |
62 | At each level of the hierarchy, attributes (e.g., limits) can be defined. |
63 | The limits, control, and accounting provided by cgroups generally have | |
64 | effect throughout the subhierarchy underneath the cgroup where the | |
65 | attributes are defined. | |
8bff7140 MK |
66 | Thus, for example, the limits placed on |
67 | a cgroup at a higher level in the hierarchy cannot be exceeded | |
68 | by descendant cgroups. | |
176a4211 | 69 | .\" |
43df1ab3 MK |
70 | .SS Cgroups version 1 and version 2 |
71 | The initial release of the cgroups implementation was in Linux 2.6.24. | |
55f52de8 | 72 | Over time, various cgroup controllers have been added |
43df1ab3 | 73 | to allow the management of various types of resources. |
55f52de8 MK |
74 | However, the development of these controllers was largely uncoordinated, |
75 | with the result that many inconsistencies arose between controllers | |
43df1ab3 MK |
76 | and management of the cgroup hierarchies became rather complex. |
77 | (A longer description of these problems can be found in | |
78 | the kernel source file | |
0a837899 | 79 | .IR Documentation/cgroup\-v2.txt .) |
a721e8b2 | 80 | .PP |
813d9220 MK |
81 | Because of the problems with the initial cgroups implementation |
82 | (cgroups version 1), | |
43df1ab3 MK |
83 | starting in Linux 3.10, work began on a new, |
84 | orthogonal implementation to remedy these problems. | |
85 | Initially marked experimental, and hidden behind the | |
86 | .I "\-o\ __DEVEL__sane_behavior" | |
87 | mount option, the new version (cgroups version 2) | |
88 | was eventually made official with the release of Linux 4.5. | |
89 | Differences between the two versions are described in the text below. | |
a721e8b2 | 90 | .PP |
43df1ab3 MK |
91 | Although cgroups v2 is intended as a replacement for cgroups v1, |
92 | the older system continues to exist | |
93 | (and for compatibility reasons is unlikely to be removed). | |
94 | Currently, cgroups v2 implements only a subset of the controllers | |
95 | available in cgroups v1. | |
96 | The two systems are implemented so that both v1 controllers and | |
97 | v2 controllers can be mounted on the same system. | |
98 | Thus, for example, it is possible to use those controllers | |
99 | that are supported under version 2, | |
100 | while also using version 1 controllers | |
101 | where version 2 does not yet support those controllers. | |
1a90a85e MK |
102 | The only restriction here is that a controller can't be simultaneously |
103 | employed in both a cgroups v1 hierarchy and in the cgroups v2 hierarchy. | |
43df1ab3 | 104 | .\" |
8bff7140 MK |
105 | .SS Cgroups version 1 |
106 | Under cgroups v1, each controller may be mounted against a separate | |
107 | cgroup filesystem that provides its own hierarchical organization of the | |
108 | processes on the system. | |
109 | It is also possible comount multiple (or even all) cgroups v1 controllers | |
110 | against the same cgroup filesystem, meaning that the comounted controllers | |
111 | manage the same hierarchical organization of processes. | |
a721e8b2 | 112 | .PP |
8bff7140 MK |
113 | For each mounted hierarchy, |
114 | the directory tree mirrors the control group hierarchy. | |
115 | Each control group is represented by a directory, with each of its child | |
116 | control cgroups represented as a child directory. | |
117 | For instance, | |
118 | .IR /user/joe/1.session | |
119 | represents control group | |
120 | .IR 1.session , | |
121 | which is a child of cgroup | |
122 | .IR joe , | |
123 | which is a child of | |
124 | .IR /user . | |
125 | Under each cgroup directory is a set of files which can be read or | |
126 | written to, reflecting resource limits and a few general cgroup | |
127 | properties. | |
a721e8b2 | 128 | .PP |
8bff7140 | 129 | In addition, in cgroups v1, |
55f52de8 | 130 | cgroups can be mounted with no bound controller, in which case |
8bff7140 | 131 | they serve only to track processes. |
59dabd75 | 132 | (See the discussion of release notification below.) |
8bff7140 MK |
133 | An example of this is the |
134 | .I name=systemd | |
135 | cgroup which is used by | |
136 | .BR systemd (1) | |
137 | to track services and user sessions. | |
138 | .\" | |
6398ca15 | 139 | .SS Tasks (threads) versus processes |
c775bca2 MK |
140 | In cgroups v1, a distinction is drawn between |
141 | .I processes | |
142 | and | |
143 | .IR tasks . | |
144 | In this view, a process can consist of multiple tasks | |
6398ca15 MK |
145 | (more commonly called threads, from a user-space perspective, |
146 | and called such in the remainder of this man page). | |
0ec74e08 | 147 | In cgroups v1, it is possible to independently manipulate |
6398ca15 | 148 | the cgroup memberships of the threads in a process. |
c775bca2 MK |
149 | Because this ability caused certain problems, |
150 | .\" FIXME Add some text describing why this was a problem. | |
151 | the ability to independently manipulate the cgroup memberships | |
6398ca15 | 152 | of the threads in a process has been removed in cgroups v2. |
c775bca2 MK |
153 | Cgroups v2 allows manipulation of cgroup membership only for processes |
154 | (which has the effect of changing the cgroup membership of | |
6398ca15 | 155 | all threads in the process). |
c775bca2 | 156 | .\" |
77e0a626 MK |
157 | .SS Mounting v1 controllers |
158 | The use of cgroups requires a kernel built with the | |
8e6578f8 KF |
159 | .BR CONFIG_CGROUP |
160 | option. | |
77e0a626 MK |
161 | In addition, each of the v1 controllers has an associated |
162 | configuration option that must be set in order to employ that controller. | |
a721e8b2 | 163 | .PP |
77e0a626 MK |
164 | In order to use a v1 controller, |
165 | it must be mounted against a cgroup filesystem. | |
4e07c70f MK |
166 | The usual place for such mounts is under a |
167 | .BR tmpfs (5) | |
168 | filesystem mounted at | |
77e0a626 MK |
169 | .IR /sys/fs/cgroup . |
170 | Thus, one might mount the | |
171 | .I cpu | |
172 | controller as follows: | |
a721e8b2 | 173 | .PP |
77e0a626 | 174 | .in +4n |
b8302363 | 175 | .EX |
77e0a626 | 176 | mount \-t cgroup \-o cpu none /sys/fs/cgroup/cpu |
b8302363 | 177 | .EE |
e646a1ba | 178 | .in |
a721e8b2 | 179 | .PP |
77e0a626 MK |
180 | It is possible to comount multiple controllers against the same hierarchy. |
181 | For example, here the | |
182 | .IR cpu | |
21f0d132 | 183 | and |
77e0a626 MK |
184 | .IR cpuacct |
185 | controllers are comounted against a single hierarchy: | |
a721e8b2 | 186 | .PP |
21f0d132 | 187 | .in +4n |
b8302363 | 188 | .EX |
77e0a626 | 189 | mount \-t cgroup \-o cpu,cpuacct none /sys/fs/cgroup/cpu,cpuacct |
b8302363 | 190 | .EE |
e646a1ba | 191 | .in |
a721e8b2 | 192 | .PP |
55f52de8 | 193 | Comounting controllers has the effect that a process is in the same cgroup for |
77e0a626 | 194 | all of the comounted controllers. |
55f52de8 | 195 | Separately mounting controllers allows a process to |
21f0d132 MK |
196 | be in cgroup |
197 | .I /foo1 | |
55f52de8 | 198 | for one controller while being in |
21f0d132 MK |
199 | .I /foo2/foo3 |
200 | for another. | |
a721e8b2 | 201 | .PP |
77e0a626 | 202 | It is possible to comount all v1 controllers against the same hierarchy: |
a721e8b2 | 203 | .PP |
77e0a626 | 204 | .in +4n |
b8302363 | 205 | .EX |
77e0a626 | 206 | mount \-t cgroup \-o all cgroup /sys/fs/cgroup |
b8302363 | 207 | .EE |
e646a1ba | 208 | .in |
a721e8b2 | 209 | .PP |
77e0a626 MK |
210 | (One can achieve the same result by omitting |
211 | .IR "\-o all" , | |
212 | since it is the default if no controllers are explicitly specified.) | |
a721e8b2 | 213 | .PP |
31ec2a5c MK |
214 | It is not possible to mount the same controller |
215 | against multiple cgroup hierarchies. | |
216 | For example, it is not possible to mount both the | |
217 | .I cpu | |
218 | and | |
219 | .I cpuacct | |
220 | controllers against one hierarchy, and to mount the | |
221 | .I cpu | |
222 | controller alone against another hierarchy. | |
223 | It is possible to create multiple mount points with exactly | |
224 | the same set of comounted controllers. | |
225 | However, in this case all that results is multiple mount points | |
226 | providing a view of the same hierarchy. | |
a721e8b2 | 227 | .PP |
77e0a626 MK |
228 | Note that on many systems, the v1 controllers are automatically mounted under |
229 | .IR /sys/fs/cgroup ; | |
230 | in particular, | |
231 | .BR systemd (1) | |
232 | automatically creates such mount points. | |
21f0d132 | 233 | .\" |
7409b54b MK |
234 | .SS Unmounting v1 controllers |
235 | A mounted cgroup filesystem can be unmounted using the | |
236 | .BR umount (8) | |
237 | command, as in the following example: | |
238 | .PP | |
239 | .in +4n | |
240 | .EX | |
241 | umount /sys/fs/cgroup/pids | |
242 | .EE | |
243 | .in | |
244 | .PP | |
245 | .IR "But note well" : | |
246 | a cgroup filesystem is unmounted only if it is not busy, | |
247 | that is, it has no child cgroups. | |
248 | If this is not the case, then the only effect of the | |
249 | .BR umount (8) | |
250 | is to make the mount invisible. | |
251 | Thus, to ensure that the mount point is really removed, | |
252 | one must first remove all child cgroups, | |
253 | which in turn can be done only after all member processes | |
254 | have been moved from those cgroups to the root cgroup. | |
255 | .\" | |
860573ad MK |
256 | .SS Cgroups version 1 controllers |
257 | Each of the cgroups version 1 controllers is governed | |
258 | by a kernel configuration option (listed below). | |
259 | Additionally, the availability of the cgroups feature is governed by the | |
260 | .BR CONFIG_CGROUPS | |
261 | kernel configuration option. | |
262 | .TP | |
263 | .IR cpu " (since Linux 2.6.24; " \fBCONFIG_CGROUP_SCHED\fP ) | |
264 | Cgroups can be guaranteed a minimum number of "CPU shares" | |
265 | when a system is busy. | |
266 | This does not limit a cgroup's CPU usage if the CPUs are not busy. | |
4ad9a706 MK |
267 | For further information, see |
268 | .IR Documentation/scheduler/sched-design-CFS.txt . | |
a721e8b2 | 269 | .IP |
4ad9a706 MK |
270 | In Linux 3.2, |
271 | this controller was extended to provide CPU "bandwidth" control. | |
272 | If the kernel is configured with | |
81ff7360 | 273 | .BR CONFIG_CFS_BANDWIDTH , |
4ad9a706 MK |
274 | then within each scheduling period |
275 | (defined via a file in the cgroup directory), it is possible to define | |
276 | an upper limit on the CPU time allocated to the processes in a cgroup. | |
277 | This upper limit applies even if there is no other competition for the CPU. | |
860573ad MK |
278 | Further information can be found in the kernel source file |
279 | .IR Documentation/scheduler/sched\-bwc.txt . | |
280 | .TP | |
281 | .IR cpuacct " (since Linux 2.6.24; " \fBCONFIG_CGROUP_CPUACCT\fP ) | |
282 | This provides accounting for CPU usage by groups of processes. | |
a721e8b2 | 283 | .IP |
860573ad MK |
284 | Further information can be found in the kernel source file |
285 | .IR Documentation/cgroup\-v1/cpuacct.txt . | |
286 | .TP | |
287 | .IR cpuset " (since Linux 2.6.24; " \fBCONFIG_CPUSETS\fP ) | |
288 | This cgroup can be used to bind the processes in a cgroup to | |
289 | a specified set of CPUs and NUMA nodes. | |
a721e8b2 | 290 | .IP |
860573ad MK |
291 | Further information can be found in the kernel source file |
292 | .IR Documentation/cgroup\-v1/cpusets.txt . | |
293 | .TP | |
294 | .IR memory " (since Linux 2.6.25; " \fBCONFIG_MEMCG\fP ) | |
295 | The memory controller supports reporting and limiting of process memory, kernel | |
296 | memory, and swap used by cgroups. | |
a721e8b2 | 297 | .IP |
860573ad MK |
298 | Further information can be found in the kernel source file |
299 | .IR Documentation/cgroup\-v1/memory.txt . | |
300 | .TP | |
301 | .IR devices " (since Linux 2.6.26; " \fBCONFIG_CGROUP_DEVICE\fP ) | |
302 | This supports controlling which processes may create (mknod) devices as | |
303 | well as open them for reading or writing. | |
304 | The policies may be specified as whitelists and blacklists. | |
305 | Hierarchy is enforced, so new rules must not | |
306 | violate existing rules for the target or ancestor cgroups. | |
a721e8b2 | 307 | .IP |
860573ad MK |
308 | Further information can be found in the kernel source file |
309 | .IR Documentation/cgroup-v1/devices.txt . | |
310 | .TP | |
311 | .IR freezer " (since Linux 2.6.28; " \fBCONFIG_CGROUP_FREEZER\fP ) | |
312 | The | |
313 | .IR freezer | |
314 | cgroup can suspend and restore (resume) all processes in a cgroup. | |
315 | Freezing a cgroup | |
316 | .I /A | |
317 | also causes its children, for example, processes in | |
318 | .IR /A/B , | |
319 | to be frozen. | |
a721e8b2 | 320 | .IP |
860573ad MK |
321 | Further information can be found in the kernel source file |
322 | .IR Documentation/cgroup-v1/freezer-subsystem.txt . | |
323 | .TP | |
324 | .IR net_cls " (since Linux 2.6.29; " \fBCONFIG_CGROUP_NET_CLASSID\fP ) | |
325 | This places a classid, specified for the cgroup, on network packets | |
326 | created by a cgroup. | |
327 | These classids can then be used in firewall rules, | |
328 | as well as used to shape traffic using | |
329 | .BR tc (8). | |
330 | This applies only to packets | |
331 | leaving the cgroup, not to traffic arriving at the cgroup. | |
a721e8b2 | 332 | .IP |
860573ad MK |
333 | Further information can be found in the kernel source file |
334 | .IR Documentation/cgroup-v1/net_cls.txt . | |
335 | .TP | |
336 | .IR blkio " (since Linux 2.6.33; " \fBCONFIG_BLK_CGROUP\fP ) | |
337 | The | |
338 | .I blkio | |
339 | cgroup controls and limits access to specified block devices by | |
340 | applying IO control in the form of throttling and upper limits against leaf | |
341 | nodes and intermediate nodes in the storage hierarchy. | |
a721e8b2 | 342 | .IP |
860573ad MK |
343 | Two policies are available. |
344 | The first is a proportional-weight time-based division | |
345 | of disk implemented with CFQ. | |
346 | This is in effect for leaf nodes using CFQ. | |
347 | The second is a throttling policy which specifies | |
348 | upper I/O rate limits on a device. | |
a721e8b2 | 349 | .IP |
860573ad MK |
350 | Further information can be found in the kernel source file |
351 | .IR Documentation/cgroup-v1/blkio-controller.txt . | |
352 | .TP | |
353 | .IR perf_event " (since Linux 2.6.39; " \fBCONFIG_CGROUP_PERF\fP ) | |
354 | This controller allows | |
355 | .I perf | |
356 | monitoring of the set of processes grouped in a cgroup. | |
a721e8b2 | 357 | .IP |
860573ad | 358 | Further information can be found in the kernel source file |
c174eb6a | 359 | .IR tools/perf/Documentation/perf-record.txt . |
860573ad MK |
360 | .TP |
361 | .IR net_prio " (since Linux 3.3; " \fBCONFIG_CGROUP_NET_PRIO\fP ) | |
362 | This allows priorities to be specified, per network interface, for cgroups. | |
a721e8b2 | 363 | .IP |
860573ad MK |
364 | Further information can be found in the kernel source file |
365 | .IR Documentation/cgroup-v1/net_prio.txt . | |
366 | .TP | |
367 | .IR hugetlb " (since Linux 3.5; " \fBCONFIG_CGROUP_HUGETLB\fP ) | |
368 | This supports limiting the use of huge pages by cgroups. | |
a721e8b2 | 369 | .IP |
860573ad MK |
370 | Further information can be found in the kernel source file |
371 | .IR Documentation/cgroup-v1/hugetlb.txt . | |
372 | .TP | |
373 | .IR pids " (since Linux 4.3; " \fBCONFIG_CGROUP_PIDS\fP ) | |
374 | This controller permits limiting the number of process that may be created | |
375 | in a cgroup (and its descendants). | |
a721e8b2 | 376 | .IP |
860573ad MK |
377 | Further information can be found in the kernel source file |
378 | .IR Documentation/cgroup-v1/pids.txt . | |
cfec905e NB |
379 | .TP |
380 | .IR rdma " (since Linux 4.11; " \fBCONFIG_CGROUP_RDMA\fP ) | |
d145c025 MK |
381 | The RDMA controller permits limiting the use of |
382 | RDMA/IB-specific resources per cgroup. | |
cfec905e NB |
383 | .IP |
384 | Further information can be found in the kernel source file | |
385 | .IR Documentation/cgroup-v1/rdma.txt . | |
860573ad | 386 | .\" |
6398ca15 | 387 | .SS Creating cgroups and moving processes |
9ed582ac | 388 | A cgroup filesystem initially contains a single root cgroup, '/', |
6398ca15 | 389 | which all processes belong to. |
21f0d132 | 390 | A new cgroup is created by creating a directory in the cgroup filesystem: |
a721e8b2 | 391 | .PP |
4769a778 MK |
392 | .in +4n |
393 | .EX | |
394 | mkdir /sys/fs/cgroup/cpu/cg1 | |
395 | .EE | |
396 | .in | |
a721e8b2 | 397 | .PP |
21f0d132 | 398 | This creates a new empty cgroup. |
a721e8b2 | 399 | .PP |
f524e7f8 | 400 | A process may be moved to this cgroup by writing its PID into the cgroup's |
21f0d132 | 401 | .I cgroup.procs |
21f0d132 | 402 | file: |
a721e8b2 | 403 | .PP |
4769a778 MK |
404 | .in +4n |
405 | .EX | |
406 | echo $$ > /sys/fs/cgroup/cpu/cg1/cgroup.procs | |
407 | .EE | |
408 | .in | |
a721e8b2 | 409 | .PP |
f524e7f8 | 410 | Only one PID at a time should be written to this file. |
a721e8b2 | 411 | .PP |
f524e7f8 MK |
412 | Writing the value 0 to a |
413 | .IR cgroup.procs | |
414 | file causes the writing process to be moved to the corresponding cgroup. | |
a721e8b2 | 415 | .PP |
6398ca15 MK |
416 | When writing a PID into the |
417 | .IR cgroup.procs , | |
87402a2e | 418 | all threads in the process are moved into the new cgroup at once. |
a721e8b2 | 419 | .PP |
f524e7f8 MK |
420 | Within a hierarchy, a process can be a member of exactly one cgroup. |
421 | Writing a process's PID to a | |
422 | .IR cgroup.procs | |
423 | file automatically removes it from the cgroup of | |
424 | which it was previously a member. | |
a721e8b2 | 425 | .PP |
f524e7f8 MK |
426 | The |
427 | .I cgroup.procs | |
428 | file can be read to obtain a list of the processes that are | |
429 | members of a cgroup. | |
430 | The returned list of PIDs is not guaranteed to be in order. | |
431 | Nor is it guaranteed to be free of duplicates. | |
432 | (For example, a PID may be recycled while reading from the list.) | |
a721e8b2 | 433 | .PP |
87402a2e MK |
434 | In cgroups v1 (but not cgroups v2), an individual thread can be moved to |
435 | another cgroup by writing its thread ID | |
436 | (i.e., the kernel thread ID returned by | |
437 | .BR clone (2) | |
438 | and | |
439 | .BR gettid (2)) | |
440 | to the | |
441 | .IR tasks | |
442 | file in a cgroup directory. | |
443 | This file can be read to discover the set of threads | |
444 | that are members of the cgroup. | |
445 | This file is not present in cgroup v2 directories. | |
b43be47e MK |
446 | .\" |
447 | .SS Removing cgroups | |
448 | To remove a cgroup, | |
449 | it must first have no child cgroups and contain no (nonzombie) processes. | |
450 | So long as that is the case, one can simply | |
451 | remove the corresponding directory pathname. | |
452 | Note that files in a cgroup directory cannot and need not be | |
453 | removed. | |
454 | .\" | |
88afe701 | 455 | .SS Cgroups v1 release notification |
23388d41 MK |
456 | Two files can be used to determine whether the kernel provides |
457 | notifications when a cgroup becomes empty. | |
458 | A cgroup is considered to be empty when it contains no child | |
459 | cgroups and no member processes. | |
a721e8b2 | 460 | .PP |
23388d41 | 461 | A special file in the root directory of each cgroup hierarchy, |
88afe701 | 462 | .IR release_agent , |
23388d41 MK |
463 | can be used to register the pathname of a program that may be invoked when |
464 | a cgroup in the hierarchy becomes empty. | |
465 | The pathname of the newly empty cgroup (relative to the cgroup mount point) | |
466 | is provided as the sole command-line argument when the | |
467 | .IR release_agent | |
468 | program is invoked. | |
469 | The | |
470 | .IR release_agent | |
471 | program might remove the cgroup directory, | |
472 | or perhaps repopulate with a process. | |
a721e8b2 | 473 | .PP |
23388d41 MK |
474 | The default value of the |
475 | .IR release_agent | |
476 | file is empty, meaning that no release agent is invoked. | |
a721e8b2 | 477 | .PP |
23388d41 MK |
478 | Whether or not the |
479 | .IR release_agent | |
480 | program is invoked when a particular cgroup becomes empty is determined | |
481 | by the value in the | |
88afe701 | 482 | .IR notify_on_release |
23388d41 MK |
483 | file in the corresponding cgroup directory. |
484 | If this file contains the value 0, then the | |
485 | .IR release_agent | |
486 | program is not invoked. | |
487 | If it contains the value 1, the | |
488 | .IR release_agent | |
489 | program is invoked. | |
490 | The default value for this file in the root cgroup is 0. | |
491 | At the time when a new cgroup is created, | |
492 | the value in this file is inherited from the corresponding file | |
493 | in the parent cgroup. | |
88afe701 | 494 | .\" |
b43be47e MK |
495 | .SS Cgroups version 2 |
496 | In cgroups v2, | |
497 | all mounted controllers reside in a single unified hierarchy. | |
498 | While (different) controllers may be simultaneously | |
499 | mounted under the v1 and v2 hierarchies, | |
500 | it is not possible to mount the same controller simultaneously | |
501 | under both the v1 and the v2 hierarchies. | |
a721e8b2 | 502 | .PP |
2befa495 MK |
503 | The new behaviors in cgroups v2 are summarized here, |
504 | and in some cases elaborated in the following subsections. | |
505 | .IP 1. 3 | |
a15e0673 | 506 | Cgroups v2 provides a unified hierarchy against |
dddb7ea1 MK |
507 | which all controllers are mounted. |
508 | .IP 2. | |
2befa495 MK |
509 | "Internal" processes are not permitted. |
510 | With the exception of the root cgroup, processes may reside | |
511 | only in leaf nodes (cgroups that do not themselves contain child cgroups). | |
4f017a68 | 512 | The details are somewhat more subtle than this, and are described below. |
dddb7ea1 | 513 | .IP 3. |
2befa495 MK |
514 | Active cgroups must be specified via the files |
515 | .IR cgroup.controllers | |
516 | and | |
517 | .IR cgroup.subtree_control . | |
dddb7ea1 | 518 | .IP 4. |
2befa495 MK |
519 | The |
520 | .I tasks | |
521 | file has been removed. | |
522 | In addition, the | |
523 | .I cgroup.clone_children | |
524 | file that is employed by the | |
525 | .I cpuset | |
526 | controller has been removed. | |
dddb7ea1 | 527 | .IP 5. |
2befa495 MK |
528 | An improved mechanism for notification of empty cgroups is provided by the |
529 | .IR cgroup.events | |
530 | file. | |
531 | .PP | |
532 | For more changes, see the | |
533 | .I Documentation/cgroup-v2.txt | |
534 | file in the kernel source. | |
e91d4f9e MK |
535 | .PP |
536 | Some of the new behaviors listed above saw subsequent modification with | |
537 | the addition in Linux 4.14 of "thread mode" (described below). | |
2befa495 | 538 | .\" |
dddb7ea1 MK |
539 | .SS Cgroups v2 unified hierarchy |
540 | In cgroups v1, the ability to mount different controllers | |
541 | against different hierarchies was intended to allow great flexibility | |
542 | for application design. | |
543 | In practice, though, the flexibility turned out to less useful than expected, | |
544 | and in many cases added complexity. | |
545 | Therefore, in cgroups v2, | |
546 | all available controllers are mounted against a single hierarchy. | |
547 | The available controllers are automatically mounted, | |
548 | meaning that it is not necessary (or possible) to specify the controllers | |
549 | when mounting the cgroup v2 filesystem using a command such as the following: | |
a721e8b2 | 550 | .PP |
4769a778 MK |
551 | .in +4n |
552 | .EX | |
553 | mount -t cgroup2 none /mnt/cgroup2 | |
554 | .EE | |
555 | .in | |
a721e8b2 | 556 | .PP |
dddb7ea1 MK |
557 | A cgroup v2 controller is available only if it is not currently in use |
558 | via a mount against a cgroup v1 hierarchy. | |
559 | Or, to put things another way, it is not possible to employ | |
560 | the same controller against both a v1 hierarchy and the unified v2 hierarchy. | |
57cbb0db MK |
561 | This means that it may be necessary first to unmount a v1 controller |
562 | (as described above) before that controller is available in v2. | |
563 | Since | |
564 | .BR systemd (1) | |
565 | makes heavy use of some v1 controllers by default, | |
566 | it can in some cases be simpler to boot the system with | |
567 | selected v1 controllers disabled. | |
568 | To do this, specify the | |
569 | .IR cgroup_no_v1=list | |
570 | option on the kernel boot command line; | |
571 | .I list | |
572 | is a comma-separated list of the names of the controllers to disable, | |
573 | or the word | |
574 | .I all | |
575 | to disable all v1 controllers. | |
576 | (This situation is correctly handled by | |
577 | .BR systemd (1), | |
578 | which falls back to operating without the specified controllers.) | |
03bb1264 MK |
579 | .PP |
580 | Note that on many modern systems, | |
581 | .BR systemd (1) | |
582 | automatically mounts the | |
583 | .I cgroup2 | |
584 | filesystem at | |
585 | .I /sys/fs/cgroup/unified | |
586 | during the boot process. | |
dddb7ea1 | 587 | .\" |
44c429ed MK |
588 | .SS Cgroups v2 controllers |
589 | The following controllers, documented in the kernel source file | |
590 | .IR Documentation/cgroup-v2.txt , | |
591 | are supported in cgroups version 2: | |
592 | .TP | |
593 | .IR io " (since Linux 4.5)" | |
594 | This is the successor of the version 1 | |
595 | .I blkio | |
596 | controller. | |
597 | .TP | |
598 | .IR memory " (since Linux 4.5)" | |
599 | This is the successor of the version 1 | |
600 | .I memory | |
601 | controller. | |
602 | .TP | |
603 | .IR pids " (since Linux 4.5)" | |
604 | This is the same as the version 1 | |
605 | .I pids | |
606 | controller. | |
607 | .TP | |
608 | .IR perf_event " (since Linux 4.11)" | |
f7286edc | 609 | This is the same as the version 1 |
44c429ed MK |
610 | .I perf_event |
611 | controller. | |
612 | .TP | |
613 | .IR rdma " (since Linux 4.11)" | |
614 | This is the same as the version 1 | |
615 | .I rdma | |
616 | controller. | |
617 | .TP | |
618 | .IR cpu " (since Linux 4.15)" | |
619 | This is the successor to the version 1 | |
620 | .I cpu | |
621 | and | |
622 | .I cpuacct | |
623 | controllers. | |
624 | .\" | |
2befa495 | 625 | .SS Cgroups v2 subtree control |
8d5f42dc MK |
626 | Each cgroup in the v2 hierarchy contains the following two files: |
627 | .TP | |
628 | .IR cgroup.controllers | |
629 | This is a list of the controllers that are | |
630 | .I available | |
631 | in this cgroup. | |
632 | The contents of this file match the contents of the | |
633 | .I cgroup.subtree_control | |
634 | file in the parent cgroup. | |
635 | .TP | |
636 | .I cgroup.subtree_control | |
637 | This is a list of controllers that are | |
638 | .IR active | |
639 | .RI ( enabled ) | |
640 | in the cgroup. | |
641 | The set of controllers in this file is a subset of the set in the | |
21f0d132 | 642 | .IR cgroup.controllers |
8d5f42dc MK |
643 | of this cgroup. |
644 | The set of active controllers is modified by writing strings to this file | |
645 | containing space-delimited controller names, | |
646 | each preceded by '+' (to enable a controller) | |
647 | or '\-' (to disable a controller), as in the following example: | |
648 | .IP | |
649 | .in +4n | |
650 | .EX | |
651 | echo '+pids -memory' > x/y/cgroup.subtree_control | |
652 | .EE | |
653 | .in | |
654 | .IP | |
c9b101d1 MK |
655 | An attempt to enable a controller |
656 | that is not present in | |
657 | .I cgroup.controllers | |
658 | leads to an | |
659 | .B ENOENT | |
660 | error when writing to the | |
661 | .I cgroup.subtree_control | |
662 | file. | |
663 | .PP | |
8d5f42dc MK |
664 | Because the list of controllers in |
665 | .I cgroup.subtree_control | |
666 | is a subset of those | |
667 | .IR cgroup.controllers , | |
668 | a controller that has been disabled in one cgroup in the hierarchy | |
669 | can never be re-enabled in the subtree below that cgroup. | |
670 | .PP | |
671 | A cgroup's | |
672 | .I cgroup.subtree_control | |
673 | file determines the set of controllers that are exercised in the | |
674 | .I child | |
675 | cgroups. | |
676 | When a controller (e.g., | |
677 | .IR pids ) | |
678 | is present in the | |
679 | .I cgroup.subtree_control | |
680 | file of a parent cgroup, | |
681 | then the corresponding controller-interface files (e.g., | |
682 | .IR pids.max ) | |
683 | are automatically created in the children of that cgroup | |
684 | and can be used to exert resource control in the child cgroups. | |
21f0d132 | 685 | .\" |
2468f14e MK |
686 | .SS Cgroups v2 """no internal processes""" rule |
687 | Cgroups v2 enforces a so-called "no internal processes" rule. | |
688 | Roughly speaking, this rule means that, | |
689 | with the exception of the root cgroup, processes may reside | |
690 | only in leaf nodes (cgroups that do not themselves contain child cgroups). | |
691 | This avoids the need to decide how to partition resources between | |
692 | processes which are members of cgroup A and processes in child cgroups of A. | |
693 | .PP | |
694 | For instance, if cgroup | |
695 | .I /cg1/cg2 | |
696 | exists, then a process may reside in | |
697 | .IR /cg1/cg2 , | |
698 | but not in | |
699 | .IR /cg1 . | |
700 | This is to avoid an ambiguity in cgroups v1 | |
701 | with respect to the delegation of resources between processes in | |
702 | .I /cg1 | |
703 | and its child cgroups. | |
704 | The recommended approach in cgroups v2 is to create a subdirectory called | |
705 | .I leaf | |
706 | for any nonleaf cgroup which should contain processes, but no child cgroups. | |
707 | Thus, processes which previously would have gone into | |
708 | .I /cg1 | |
709 | would now go into | |
710 | .IR /cg1/leaf . | |
711 | This has the advantage of making explicit | |
712 | the relationship between processes in | |
713 | .I /cg1/leaf | |
714 | and | |
715 | .IR /cg1 's | |
716 | other children. | |
717 | .PP | |
718 | The "no internal processes" rule is in fact more subtle than stated above. | |
719 | More precisely, the rule is that a (nonroot) cgroup can't both | |
720 | (1) have member processes, and | |
721 | (2) distribute resources into child cgroups\(emthat is, have a nonempty | |
722 | .I cgroup.subtree_control | |
723 | file. | |
724 | Thus, it | |
725 | .I is | |
726 | possible for a cgroup to have both member processes and child cgroups, | |
727 | but before controllers can be enabled for that cgroup, | |
728 | the member processes must be moved out of the cgroup | |
729 | (e.g., perhaps into the child cgroups). | |
e91d4f9e MK |
730 | .PP |
731 | With the Linux 4.14 addition of "thread mode" (described below), | |
732 | the "no internal processes" rule has been relaxed in some cases. | |
2468f14e | 733 | .\" |
754f4cf5 MK |
734 | .SS Cgroups v2 cgroup.events file |
735 | With cgroups v2, a new mechanism is provided to obtain notification | |
736 | about when a cgroup becomes empty. | |
737 | The cgroups v1 | |
738 | .IR release_agent | |
739 | and | |
740 | .IR notify_on_release | |
741 | files are removed, and replaced by a new, more general-purpose file, | |
742 | .IR cgroup.events . | |
743 | This file contains key-value pairs | |
744 | (delimited by newline characters, with the key and value separated by spaces) | |
745 | that identify events or state for a cgroup. | |
746 | Currently, only one key appears in this file, | |
747 | .IR populated , | |
748 | which has either the value 0, | |
749 | meaning that the cgroup (and its descendants) | |
750 | contain no (nonzombie) processes, | |
751 | or 1, meaning that the cgroup contains member processes. | |
a721e8b2 | 752 | .PP |
754f4cf5 MK |
753 | The |
754 | .IR cgroup.events | |
755 | file can be monitored, in order to receive notification when a cgroup | |
756 | transitions between the populated and unpopulated states (or vice versa). | |
757 | When monitoring this file using | |
758 | .BR inotify (7), | |
759 | transitions generate | |
760 | .BR IN_MODIFY | |
761 | events, and when monitoring the file using | |
762 | .BR poll (2), | |
763 | transitions generate | |
764 | .B POLLPRI | |
765 | events. | |
a721e8b2 | 766 | .PP |
ccb1a262 MK |
767 | The cgroups v2 release-notification mechanism provided by the |
768 | .I populated | |
769 | field of the | |
770 | .I cgroup.events | |
771 | file offers at least two advantages over the cgroups v1 | |
754f4cf5 MK |
772 | .IR release_agent |
773 | mechanism. | |
774 | First, it allows for cheaper notification, | |
775 | since a single process can monitor multiple | |
776 | .IR cgroup.events | |
777 | files. | |
778 | By contrast, the cgroups v1 mechanism requires the creation | |
779 | of a process for each notification. | |
a15e0673 | 780 | Second, notification can be delegated to a process that lives inside |
754f4cf5 | 781 | a container associated with the newly empty cgroup. |
c91a9f8a | 782 | .\" |
5e071499 MK |
783 | .SS Cgroups v2 cgroup.stat file |
784 | .\" commit ec39225cca42c05ac36853d11d28f877fde5c42e | |
785 | Each cgroup in the v2 hierarchy contains a read-only | |
786 | .IR cgroup.stat | |
787 | file (first introduced in Linux 4.14) | |
788 | that consists of lines containing key-value pairs. | |
789 | The following keys currently appear in this file: | |
790 | .TP | |
791 | .I nr_descendants | |
792 | This is the total number of visible (i.e., living) descendant cgroups | |
793 | underneath this cgroup. | |
794 | .TP | |
795 | .I nr_dying_descendants | |
796 | This is the total number of dying descendant cgroups | |
797 | underneath this cgroup. | |
798 | A cgroup enters the dying state after being deleted. | |
799 | It remains in that state for an undefined period | |
800 | (which will depend on system load) | |
801 | before being destroyed. | |
802 | .IP | |
803 | A process can't be made a member of a dying cgroup, | |
804 | and a dying cgroup can't be brought back to life. | |
805 | .\" | |
5845e10b MK |
806 | .SS Limiting the number of descendant cgroups |
807 | Each cgroup in the v2 hierarchy contains the following files, | |
808 | which can be used to view and set limits on the number | |
809 | of descendant cgroups under that cgroup: | |
810 | .TP | |
811 | .IR cgroup.max.depth " (since Linux 4.14)" | |
812 | .\" commit 1a926e0bbab83bae8207d05a533173425e0496d1 | |
813 | This file defines a limit on the depth of nesting of descendant cgroups. | |
814 | A value of 0 in this file means that no descendant cgroups can be created. | |
815 | An attempt to create a descendant whose nesting level exceeds | |
816 | the limit fails | |
817 | .RI ( mkdir (2) | |
818 | fails with the error | |
819 | .BR EAGAIN ). | |
820 | .IP | |
821 | Writing the string | |
822 | .IR """max""" | |
823 | to this file means that no limit is imposed. | |
824 | The default value in this file is | |
825 | .IR """max""" . | |
826 | .TP | |
827 | .IR cgroup.max.descendants " (since Linux 4.14)" | |
828 | .\" commit 1a926e0bbab83bae8207d05a533173425e0496d1 | |
829 | This file defines a limit on the number of live descendant cgroups that | |
830 | this cgroup may have. | |
831 | An attempt to create more descendants than allowed by the limit fails | |
832 | .RI ( mkdir (2) | |
833 | fails with the error | |
834 | .BR EAGAIN ). | |
835 | .IP | |
836 | Writing the string | |
837 | .IR """max""" | |
838 | to this file means that no limit is imposed. | |
839 | The default value in this file is | |
840 | .IR """max""" . | |
841 | .\" | |
4242dfbe MK |
842 | .SS Cgroups v2 delegation |
843 | In the context of cgroups, | |
844 | delegation means passing management of some subtree | |
845 | of the cgroup hierarchy to a nonprivileged process. | |
846 | Cgroups v1 provides support for delegation that was | |
847 | accidental and not fully secure. | |
848 | Cgroups v2 supports delegation by explicit design. | |
849 | .PP | |
850 | Some terminology is required in order to describe delegation. | |
851 | A | |
852 | .I delegater | |
853 | is a privileged user (i.e., root) who owns a parent cgroup. | |
854 | A | |
855 | .I delegatee | |
856 | is a nonprivileged user who will be granted the permissions needed | |
857 | to manage some subhierarchy under that parent cgroup, | |
858 | known as the | |
859 | .IR "delegated subtree" . | |
860 | .PP | |
861 | To perform delegation, | |
862 | the delegater makes certain directories and files writable by the delegatee, | |
863 | typically by changing the ownership of the objects to be the user ID | |
864 | of the delegatee. | |
865 | Assuming that we want to delegate the hierarchy rooted at | |
866 | .I /grp1 | |
867 | and that there are not yet any child cgroups under that cgroup, | |
868 | the ownership of the following is changed to the user ID of the delegatee: | |
869 | .TP | |
870 | .IR /grp1 | |
871 | Changing the ownership of the root of the subtree means that any new | |
872 | cgroups created under the subtree (and the files they contain) | |
873 | will also be owned by the delegatee. | |
874 | .TP | |
875 | .IR /grp1/cgroup.procs | |
f7286edc | 876 | Changing the ownership of this file means that the delegatee |
4242dfbe MK |
877 | can move processes into the root of the delegated subtree. |
878 | .TP | |
879 | .IR /grp1/cgroup.subtree_control | |
880 | Making this file owned by the delegatee is optional. | |
881 | Doing so means that that the delegatee can enable controllers | |
882 | (that are present in | |
883 | .IR /grp1/cgroup.controllers ) | |
884 | in order to further redistribute resources at lower levels in the subtree. | |
885 | As an alternative to changing the ownership of this file, | |
886 | the delegater might instead add selected controllers to this file. | |
887 | .PP | |
888 | The delegater should | |
889 | .I not | |
890 | change the ownership of any of the controller interfaces files (e.g., | |
891 | .IR pids.max , | |
892 | .IR memory.high ) | |
893 | in | |
894 | .IR grp1 . | |
895 | Those files are used from the next level above the delegated subtree | |
896 | in order to distribute resources into the subtree, | |
897 | and the delegatee should not have permission to change | |
898 | the resources that are distributed into the delegated subtree. | |
899 | .PP | |
900 | After the aforementioned steps have been performed, | |
901 | the delegatee can create child cgroups within the delegated subtree | |
902 | and move processes between cgroups in the subtree. | |
903 | If some controllers are present in | |
904 | .IR grp1/cgroup.subtree_control , | |
905 | or the ownership of that file was passed to the delegatee, | |
f7286edc | 906 | the delegatee can also control the further redistribution |
4242dfbe MK |
907 | of the corresponding resources into the delegated subtree. |
908 | .PP | |
909 | Some delegation | |
910 | .IR "containment rules" | |
911 | ensure that the delegatee can move processes between cgroups within the | |
912 | delegated subtree, | |
913 | but can't move processes from outside the delegated subtree into | |
914 | the subtree or vice versa. | |
915 | A nonprivileged process (i.e., the delegatee) can write the PID of | |
916 | a "target" process into a | |
917 | .IR cgroup.procs | |
918 | file only if all of the following are true: | |
919 | .IP * 3 | |
920 | The effective UID of the writer (i.e., the delegatee) matches the | |
921 | real user ID or the saved set-user-ID of the target process. | |
922 | .IP * | |
923 | The writer has write permission on the | |
924 | .I cgroup.procs | |
925 | file in the destination cgroup. | |
926 | .IP * | |
927 | The writer has write permission on the | |
928 | .I cgroup.procs | |
929 | file in the common ancestor of the source and destination cgroups. | |
930 | (In some cases, | |
931 | the common ancestor may be the source or destination cgroup itself.) | |
932 | .PP | |
933 | .IR Note : | |
934 | one consequence of these delegation containment rules is that the | |
935 | delegater must place the first process (a process owned by the delegatee) | |
936 | into the delegated subtree. | |
937 | .\" | |
5c2181ad MK |
938 | .SS /proc files |
939 | .TP | |
34eb3340 | 940 | .IR /proc/cgroups " (since Linux 2.6.24)" |
92bb6d36 | 941 | This file contains information about the controllers |
1a4f7d59 | 942 | that are compiled into the kernel. |
34eb3340 MK |
943 | An example of the contents of this file (reformatted for readability) |
944 | is the following: | |
a721e8b2 | 945 | .IP |
34eb3340 | 946 | .in +4n |
b8302363 | 947 | .EX |
4580c2f6 MK |
948 | #subsys_name hierarchy num_cgroups enabled |
949 | cpuset 4 1 1 | |
950 | cpu 8 1 1 | |
951 | cpuacct 8 1 1 | |
952 | blkio 6 1 1 | |
953 | memory 3 1 1 | |
954 | devices 10 84 1 | |
955 | freezer 7 1 1 | |
956 | net_cls 9 1 1 | |
957 | perf_event 5 1 1 | |
958 | net_prio 9 1 1 | |
959 | hugetlb 0 1 0 | |
960 | pids 2 1 1 | |
b8302363 | 961 | .EE |
e646a1ba | 962 | .in |
a721e8b2 | 963 | .IP |
34eb3340 MK |
964 | The fields in this file are, from left to right: |
965 | .RS | |
966 | .IP 1. 3 | |
967 | The name of the controller. | |
968 | .IP 2. | |
92bb6d36 | 969 | The unique ID of the cgroup hierarchy on which this controller is mounted. |
11c0797f | 970 | If multiple cgroups v1 controllers are bound to the same hierarchy, |
34eb3340 | 971 | then each will show the same hierarchy ID in this field. |
92bb6d36 MK |
972 | The value in this field will be 0 if: |
973 | .RS 5 | |
974 | .IP a) 3 | |
975 | the controller is not mounted on a cgroups v1 hierarchy; | |
976 | .IP b) | |
977 | the controller is bound to the cgroups v2 single unified hierarchy; or | |
978 | .IP c) | |
979 | the controller is disabled (see below). | |
980 | .RE | |
34eb3340 MK |
981 | .IP 3. |
982 | The number of control groups in this hierarchy using this controller. | |
983 | .IP 4. | |
984 | This field contains the value 1 if this controller is enabled, | |
985 | or 0 if it has been disabled (via the | |
986 | .IR cgroup_disable | |
987 | kernel command-line boot parameter). | |
988 | .RE | |
989 | .TP | |
5c2181ad | 990 | .IR /proc/[pid]/cgroup " (since Linux 2.6.24)" |
f5faa016 MK |
991 | This file describes control groups to which the process |
992 | with the corresponding PID belongs. | |
5f8a7eb2 | 993 | The displayed information differs for |
2c4fbe35 | 994 | cgroups version 1 and version 2 hierarchies. |
a721e8b2 | 995 | .IP |
5f8a7eb2 | 996 | For each cgroup hierarchy of which the process is a member, |
2e33b59e | 997 | there is one entry containing three colon-separated fields: |
a721e8b2 | 998 | .IP |
4769a778 MK |
999 | .in +4n |
1000 | .EX | |
1001 | hierarchy-ID:controller-list:cgroup-path | |
1002 | .EE | |
1003 | .in | |
a721e8b2 | 1004 | .IP |
5f8a7eb2 | 1005 | For example: |
c1a022dc MK |
1006 | .IP |
1007 | .in +4n | |
1008 | .EX | |
1009 | 5:cpuacct,cpu,cpuset:/daemons | |
1010 | .EE | |
1011 | .in | |
5c2181ad MK |
1012 | .IP |
1013 | The colon-separated fields are, from left to right: | |
5f8a7eb2 | 1014 | .RS |
5c2181ad | 1015 | .IP 1. 3 |
5f8a7eb2 MK |
1016 | For cgroups version 1 hierarchies, |
1017 | this field contains a unique hierarchy ID number | |
1018 | that can be matched to a hierarchy ID in | |
1019 | .IR /proc/cgroups . | |
1020 | For the cgroups version 2 hierarchy, this field contains the value 0. | |
5c2181ad | 1021 | .IP 2. |
5f8a7eb2 | 1022 | For cgroups version 1 hierarchies, |
55f52de8 | 1023 | this field contains a comma-separated list of the controllers |
5f8a7eb2 MK |
1024 | bound to the hierarchy. |
1025 | For the cgroups version 2 hierarchy, this field is empty. | |
5c2181ad | 1026 | .IP 3. |
5f8a7eb2 MK |
1027 | This field contains the pathname of the control group in the hierarchy |
1028 | to which the process belongs. | |
1029 | This pathname is relative to the mount point of the hierarchy. | |
5c2181ad | 1030 | .RE |
2e23a9b2 MK |
1031 | .SH ERRORS |
1032 | The following errors can occur for | |
1033 | .BR mount (2): | |
1034 | .TP | |
1035 | .B EBUSY | |
1036 | An attempt to mount a cgroup version 1 filesystem specified neither the | |
1037 | .I name= | |
1038 | option (to mount a named hierarchy) nor a controller name (or | |
28bcfee9 | 1039 | .IR all ). |
15ce4b0c MK |
1040 | .SH NOTES |
1041 | A child process created via | |
1042 | .BR fork (2) | |
1043 | inherits its parent's cgroup memberships. | |
1044 | A process's cgroup memberships are preserved across | |
1045 | .BR execve (2). | |
bbfdf727 | 1046 | .SH SEE ALSO |
ebbc83be | 1047 | .BR prlimit (1), |
f60a5da2 | 1048 | .BR systemd (1), |
edc2a022 MK |
1049 | .BR systemd-cgls (1), |
1050 | .BR systemd-cgtop (1), | |
325b7eb0 | 1051 | .BR clone (2), |
ebbc83be MK |
1052 | .BR ioprio_set (2), |
1053 | .BR perf_event_open (2), | |
1054 | .BR setrlimit (2), | |
cff6de30 | 1055 | .BR cgroup_namespaces (7), |
69c47536 | 1056 | .BR cpuset (7), |
ebbc83be MK |
1057 | .BR namespaces (7), |
1058 | .BR sched (7), | |
1059 | .BR user_namespaces (7) |