Control Groups (cgroups)
Control Groups (cgroups) are a Linux kernel feature that allows you to organize processes hierarchically and apply resource limits to them. They provide fine-grained control over how system resources such as CPU time, memory, disk I/O, and network bandwidth are distributed among groups of processes.
Cgroups are foundational to containerization technologies (like Docker, Podman, and Kubernetes), systemd resource control, and workload isolation in modern Linux systems.
Purpose of cgroups
- Resource limiting: Restrict how much memory, CPU, or I/O a group of processes can consume.
- Prioritization: Ensure critical services get more CPU cycles or memory allocation than background tasks.
- Accounting: Track resource usage of processes for monitoring and reporting.
- Isolation: Prevent runaway processes from overwhelming the system.
- Freezing: Suspend and resume groups of processes in a controlled way.
Cgroups v1 vs v2
| Feature | cgroups v1 | cgroups v2 |
|---|---|---|
| Hierarchy | Multiple independent hierarchies (one per controller). | Unified single hierarchy for all controllers. |
| Controllers | Each controller (e.g., cpu, memory, blkio, freezer) mounts separately. | All controllers live in one hierarchy, simplifying management. |
| Process model | A process can belong to different cgroups across controllers. | A process belongs to a single cgroup in the unified tree. |
| Interface | Legacy files under /sys/fs/cgroup/<controller>/.... | Unified interface under /sys/fs/cgroup/.... |
| Freezer | Dedicated freezer controller. | Integrated cgroup.freeze file in each cgroup. |
| Adoption | Widely used for older container runtimes and legacy workloads. | Default for modern Linux distros (e.g., Amazon Linux 2023, Ubuntu 22.04+, RHEL 9). |
Examples
Create a cgroup (v2)
# Make a new cgroup
sudo mkdir /sys/fs/cgroup/mygroup
# Add a process (replace PID with actual process ID)
echo <PID> | sudo tee /sys/fs/cgroup/mygroup/cgroup.procs
Limit memory usage
# Limit to 200 MB
echo 200M | sudo tee /sys/fs/cgroup/mygroup/memory.max
Limit CPU usage
# Allow up to 50% of one CPU
echo "50000 100000" | sudo tee /sys/fs/cgroup/mygroup/cpu.max
Freeze and resume processes
# Freeze all processes in the group
echo 1 | sudo tee /sys/fs/cgroup/mygroup/cgroup.freeze
# Unfreeze them
echo 0 | sudo tee /sys/fs/cgroup/mygroup/cgroup.freeze
Conclusion
Cgroups provide the foundation for modern workload management in Linux, ensuring fairness, stability, and security by controlling how processes consume resources. The transition from cgroups v1 to v2 simplified management, standardized interfaces, and enhanced functionality.
Whether you are running containers, managing system services with systemd, or building multi-tenant applications, understanding cgroups is essential for effective resource control and system reliability.