8.1 About cgroups

A cgroup is a collection of processes (tasks) that you bind together by applying a set of criteria that control the cgroup's access to system resources. You can create a hierarchy of cgroups, in which child cgroups inherits its characteristics from the parent cgroup. You can use cgroups to manage processes in the following ways:

  • Limit the CPU, I/O, and memory resources that are available to a group.

  • Change the priority of a group relative to other groups.

  • Measure a group's resource usage for accounting and billing purposes.

  • Isolate a group's files, processes, and network connections from other groups.

  • Freeze a group to allow you to create a checkpoint.

You can create and manage cgroups in the following ways:

  • By editing the cgroup configuration file /etc/cgconfig.conf.

  • By using cgroups commands such as cgcreate, cgclassify, and cgexec.

  • By manipulating a cgroup's virtual file system, for example, by adding process IDs to tasks directories under /sys/fs/cgroup.

  • By editing the cgroup rules file /etc/cgrules.conf so that the rules engine or PAM move processes into cgroups automatically.

  • By using additional application software such as Linux Containers.

  • By using the APIs that are provided in libvirt.

Because you might ultimately want to deploy cgroups in a production environment, this chapter demonstrates how to configure cgroups by editing the /etc/cgconfig.conf and /etc/cgrules.conf files, and how to configure PAM to associate processes with cgroups.


To use cgroups, you must install the libcgroup package on your system.