"Control cgroups, usually referred to as cgroups, are a Linux kernel feature which allow processes to be organized into hierarchical groups whose usage of various types of resources can then be limited and monitored." - man 7 cgroups

cgroup is one of the linux namespaces. (see man namespaces for more info.)

Links

• https://wiki.archlinux.org/index.php/Cgroups
• https://www.paranoids.at/cgroup-ubuntu-18-04-howto/

Tools and stuff

• lsns - list namespaces
• cgcreate - create new cgroup
• cgexec - run the task in given control group
• cgclassify - move running task(s) to given cgroup
• nsenter - Run a command in a referenced process cgroup config
• systemd-cgls - systemd-cgls - Recursively show control group contents
• systemd-cgtop - Show top control groups by their resource usage
• /proc/self/cgroup - cgroup introspection

Various cgroup-aware tool examples

ps cgroup output

ps -o pid,ppid,user,comm,flags,%cpu,sz,%mem,cgname

Run a process in another cgroup

With nsenter you specify a target pid to reference, and then specify which namespaces of its you want to enter.

On Ubuntu 18.04, udev mounts devices in a non-global namespace, which prevents normal users from viewing those mounts. You must use nsenter to enter the udevd namespaces to view the mounts, using either --all to get all namespaces of udevd, or --mount for just that one required namespace:

root@bionic:~# lsblk -o NAME,MOUNTPOINT /dev/sdc
NAME   MOUNTPOINT
sdc
└─sdc1

root@bionic:~# nsenter --all -t $(pgrep systemd-udevd) lsblk -o NAME,MOUNTPOINT /dev/sdc
NAME   MOUNTPOINT
sdc
└─sdc1 /mnt/adea64ca-e340-4961-8a4d-75d8a5970664

root@bionic:~# nsenter --mount -t $(pgrep systemd-udevd) lsblk -o NAME,MOUNTPOINT /dev/sdc
NAME   MOUNTPOINT
sdc
└─sdc1 /mnt/adea64ca-e340-4961-8a4d-75d8a5970664

See udev for one permanent fix for this.

Find the path to a namespace

The path to a namespace can be used in some instances instead of the pid. We can discover the path to a namespace by using lsns.

root@bionic:~# lsns -p $(pgrep udevd) -o +PATH
        NS TYPE   NPROCS   PID USER COMMAND                    PATH
4026531835 cgroup    173     1 root /sbin/init                 /proc/1/ns/cgroup
4026531836 pid       173     1 root /sbin/init                 /proc/1/ns/pid
4026531837 user      173     1 root /sbin/init                 /proc/1/ns/user
4026531838 uts       173     1 root /sbin/init                 /proc/1/ns/uts
4026531839 ipc       173     1 root /sbin/init                 /proc/1/ns/ipc
4026532009 net       173     1 root /sbin/init                 /proc/1/ns/net
4026532286 mnt         1  5480 root /lib/systemd/systemd-udevd /proc/5480/ns/mnt