How I read the cgroups manual.

1 How I read the cgroups manual.

1.1 Literature

Total 160 pages.

1.1.1 man 8 cgroups


Not the last version, but I already lost the filename. From some kernel file October 2015, Tejun Heo

1.1.3 RHEL 6 Resource Management Guide

1.1.4 RHEL 7 Resource Management Guide

1.2 Which packages are responsible for cgroups in Slackware?

1.2.1 sysvinit-scripts-2.1-noarch-26:28:etc/rc.d/rc.S

Mounts the v1 filesystem and starts the services.

1.2.2 cgmanager-0.42-x86_64-1

Is used mostly for proxying control groups to containers.

1.2.3 libcgroup-0.41-x86_64-5

Has an actual daemon to manage control groups.

1.3 Which files are responsible for cgroups in Slackware

1.3.1 sysvinit-scripts: /etc/rc.d/rc.S

  1. Mounts the v1 controllers at lines 51-74
  2. Starts cgmanager/cgproxy at lines 375-378
  3. Starts libcgroup services at lines 380-384

1.3.2 cgmanager: /etc/rc.d/rc.cgmanager

1.3.3 cgmanager: /etc/rc.d/rc.cgproxy

1.3.4 libcgroup: /etc/rc.d/rc.cgconfig

1.3.5 libcgroup: /etc/rc.d/rc.cgred

1.3.6 libcgroup: /etc/cgconfig.conf

1.3.7 libcgroup: /etc/cgrules.conf default libcgroup configuration file

1.3.8 libcgroup: /etc/cgrules.d default libcgroup configuration files directory

1.3.9 /etc/cgconfig.conf default templates file

1.3.10 /etc/cgconfig.d default templates directory

1.4 Which binaries we can use

1.4.1 libcgroup: usr/bin/cgclassify

1.4.2 libcgroup: usr/bin/cgcreate

1.4.3 libcgroup: usr/bin/cgdelete

1.4.4 libcgroup: usr/bin/cgexec

1.4.5 libcgroup: usr/bin/cgget

1.4.6 libcgroup: usr/bin/cgset

1.4.7 libcgroup: usr/bin/cgsnapshot

1.4.8 libcgroup: usr/bin/lscgroup

1.4.9 libcgroup: usr/bin/lssubsys

1.4.10 libcgroup: usr/sbin/cgclear

1.4.11 libcgroup: usr/sbin/cgconfigparser

1.4.12 libcgroup: usr/sbin/cgrulesengd

1.4.13 cgmanager: usr/bin/cgm

1.4.14 cgmanager: usr/sbin/cgmanager

1.4.15 cgmanager: usr/sbin/cgproxy

1.5 Basic logic for the resource usage restriction

  1. I want nasty guys to never occupy more than 75% of the cpu.

    echo 10000 > /sys/fs/cgroup/cpu/firefox/cpu.cfs_period_us echo 30000 > /sys/fs/cgroup/cpu/firefox/cpu.cfs_quota

    1. Should I even want to launch every firefox window as a separate group?

      Because when Firefox eats all the CPU, it seems to be doing so with all processes.

  2. I want to make nasty guys never have more than memsize/2 of memory.


  3. I want GUI subsystem apps to never swap and always have at least 10% cpu and at least 1Gb of RAM.

    The GUI subsystem apps are: Xorg xfdesktop xfwm4 xfce4-* Thunar* /usr/lib64/xfce4* /usr/libexec/* xscreensaver scim

    cpu is set by: echo 128 > /sys/fs/cgroup/cpu/gui/cpu.shares

    No swap option is set by: echo 0 > /sys/fs/cgroup/gui/memory.swappiness

    Using controllers v1, it seems that it’s not possible to set the ’guaranteed’ amount of RAM.

  4. I want mission-critical apps to have at least 1Gb of memory and have at least 25% cpu

    Mission-critical apps are: /sbin/* /usr/sbin/* /usr/local/sbin/* Anything that UID1 runs. $(cat /etc/shells) SCREEN /usr/bin/dbus-daemon /bin/su /bin/sulogin

    cpu is set by: echo 256 > /sys/fs/cgroup/cpu/system/cpu.shares

    memory: I don’t know how to give a minimal memory guarantee to an app using v1 controllers.

  5. I want to always have at least $MEMSIZE of swap free (for hibernation)
    1. I need to add ’swapaccount=1’ to boot/efi
    2. I need to set the memory limit in the root group:

      /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes Needs to have the value of swap size. command: free -b | awk ’Swap {print $3}’

      I need to add it to cgrules.conf, right?

  6. I want any process to never occupy more than 90% of the cpu time

    CONFIG_CFS_BANDWIDTH, cpu controller Seems weird, as if I have to make a group for every process out there.

    echo 100000 > /sys/fs/cgroup/cpu/cpu.cfs_period_us echo 360000 > /sys/fs/cgroup/cpu/cpu.cfs_quota

  7. I want to use the Lennart’s “bash grouping trick”
    1. /sbin/lwf_rc.auto_cpu_cgroup_remover


      cgdelete -g cpu:“$*” fi #if [ “$*” != “/user” ]; then


    2. /etc/rc.d/rc.lwf_lennarts_bash_trick

      #!/bin/sh . /etc/rc.d/init.d/functions

      start() { echo -n $“Setting the cpu cgroup release agent: ” echo “/sbin/rc.auto_cpu_cgroup_remover” > /sys/fs/cgroup/cpu/release_agent

      for username in $(awk -F: ’$3 >= 1000 && $1 != “nobody” {print $1}’ /etc/passwd); do

      cgcreate -g cpu:/$username/private -t $username:users -a $username:users –dperm=755 –tperm=755 –fperm=755 done echo I also need to add a dynamic rule to the cgred service… TODO chmod +x /etc/profile.d/ chmod +x /etc/profile.d/00lwf_bash_group.csh return $? } stop() { echo -n $“Clearing the cpu cgroup release agent: ” echo “” > /sys/fs/cgroup/cpu/release_agent chmod -x /etc/profile.d/ chmod -x /etc/profile.d/00lwf_bash_group.csh echo -n $“Clearing user groups.” for dirname in $(find . -type d -not -path ’.’ -not -path ’..’ -printf “%f ”); do cgdelete -r -g cpu:/users/private done return $? } status() { echo $“Release agent: ” cat -t /sys/fs/cgroup/cpu/release_agent echo $“Profile status:” file=/etc/profile.d/ for file in {“/etc/profile.d/”,“/etc/profile.d/”} ; do if ( -x “$file” ) then echo “File ‘$file’ is executable” else echo “File ‘$file’ is not executable or found” endif done return $? } case “\(1" in start) start RETVAL=\)? ;; stop) stop RETVAL=\(? ;; status) status RETVAL=\)? ;; restart) stop start RETVAL=$? ;;

      *) echo $“Usage: $0 {start|stop|status}” RETVAL=2 ;; esac

      exit $RETVAL

    3. Add rc.lwf_set_auto_cpu_cgroup_remover to /etc/rc.d/rc3.d and rc4.d

      Add these lines to the ln -s /etc/rc.d/rc.lwf_lennarts_bash_trick /etc/rc.d/rc3.d/S00cpu_cgroup_remover ln -s /etc/rc.d/rc.lwf_lennarts_bash_trick /etc/rc.d/rc4.d/S00cpu_cgroup_remover

    4. /etc/profile.d/

      if [ “$PS1” ] ; then #mkdir -m 0700 /sys/fs/cgroup/cpu/user/\[ agroupname=/users/$(whoami)/private/\] cgcreate -g $agroupname echo $$ > $agroupname/tasks fi

    5. /etc/profile.d/00lwf_bash_group.csh

      /bin/echo “I have no idea how to implement this in C-shell.”

  8. I want some more latency tricks.

    I’m not sure about the next line: Is one millisecond a lot or not? echo 1000000 > /proc/sys/kernel/sched_min_granularity_ns

1.5.1 I want to never have to launch cgexec manually

1.5.2 I want to use stock Slackware tools, whenever possible

1.5.3 I want to use cgroupv2 controllers whenever possible.

1.6 Limitations

1.6.1 cpuset controller is not working in v2

1.6.2 cpuset controller does not work with hibernation

1.6.3 rc.S explicitly mounts the v1 controllers

1.6.4 libcgroup doesn’t seem to support setting release_agent

1.7 Questions to the community

1.7.2 A question on the libcgroups mailing list

TODO: awaits moderation

1.8 I do use the dlack’s PAM packages

So I can just as well cofigure PAM to juggle groups But I will defer this till version 2.

1.9 Decisions

1.9.1 It seems that I have to use the controllers v1