Setting Up Linux Cgroups

Tuesday Jan 18th 2011 by Joe Brockmeier

Initially developed to limit resource usage in the Linux kernel, cgroups can do much more than that. Unfortunately, as handy as they are, cgroups are neither straightforward nor user friendly. Scaling the learning curve to set up and manage them is well worth it, however. These basic tips will get you started.

Last week's column introduced Linux Control Groups (or cgroups), a feature initially developed to limit resource usage in the Linux kernel. But it can do much more, including tweak memory, bandwidth and CPU usage of system processes as well as deny access to system resources. This week, let's delve a bit deeper and actually set up and manage a cgroup.

One of the reasons I'm writing about this topic is that, while useful, it seems vastly under-used and definitely could be simpler. Right now it's as user friendly as SELinux. But if more folks use the feature, it will get more attention -- and likely improve.

On Fedora 14, you'll want the libcgroup package (yum install libcgroup). On Ubuntu 10.10, you'll want the cgroup-bin and libcgroup1 packages. For the purposes of this column, I'm using Fedora 14 -- you will find some differences between Fedora and Ubuntu. The kernel and userland utilities should work the same way, but the default configurations are different. Fedora automatically mounts all the controllers under /cgroup/controller name, while Ubuntu has mounts only for cpu, cpuacct, and devices under /mnt/cgroups.

Simple Configuration of Cgroups

Let's start by confirming that the service starts as advertised. On F14, run service cgconfig start and check under /cgroup/ that the requisite directories are created. Dive under the individual directories, and you'll see the parameters that can be tuned. For example, under /cgroup/memory you'll see the following files:


There's more than that, but you get the idea. If you want to create a limit for maximum memory usage, it's stored in a file called memory.max_usage_in_bytes. (Remember, everything is a file.)

Let's say you want to limit the memory provided to a daemon and all the processes it spawns. How about Apache? First you'll create a group statement in /etc/cgconfig.conf like so:

group http {
	memory {
		memory.limit_in_bytes = 1024M;

Next, add this to the /etc/sysconfig/httpd.conf:


You should be good to go. Just start the cgconfig service and then the httpd service.

I could write much more about cgroups, and I may return to the topic again if there's sufficient interest -- let me know in the comments. In the meantime, the Fedora wiki is a good source of info on the topic, despite being written ahead of the Fedora 11 release (as of this writing, anyway), so some bits may be slightly out of date.

Joe 'Zonker' Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks,,, Linux Weekly News, ZDNet, and many other publications. You can reach Zonker at and follow him on Twitter.

Follow ServerWatch on Twitter

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved