|
|
4733.
|
|
|
As of Ubuntu 14.04, users are automatically placed in a set of cgroups which they own, safely allowing them to contrain their own jobs using child cgroups. This feature is relied upon, for instance, for unprivileged container creation in lxc.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:151(para)
|
|
|
4734.
|
|
|
Manager
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:161(title)
|
|
|
4735.
|
|
|
The cgroup manager (cgmanager) provides a D-Bus service allowing programs and users to administer cgroups without needing direct knowledge of or access to the cgroup filesystem. For requests from tasks in the same namespaces as the manager, the manager can directly perform the needed security checks to ensure that requests are legitimate. For other requests - such as those from a task in a container - enhanced D-Bus requests must be made, where process-, user- and group-ids are passed as SCM_CREDENTIALS, so that the kernel maps the identifiers to their global host values.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:163(para)
|
|
|
4736.
|
|
|
To fascilitate the use of simple D-Bus calls from all users, a 'cgroup manager proxy' (cgproxy) is automatically started when in a container. The proxy accepts standard D-Bus requests from tasks in the same namespaces as itself, and converts them to SCM-enhanced D-Bus requests which it passes on to the cgmanager.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:175(para)
|
|
|
4737.
|
|
|
A simple example of creating a new cgroup in which to run a cpu-intensive compile would look like:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:183(para)
|
|
|
4738.
|
|
|
cgm create cpuset build1 cgm movepid cpuset build1 $$ cgm setvalue cpuset build1 cpuset.cpus 1 make
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:188(command)
|
|
|
4739.
|
|
|
cgm
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:204(ulink)
|
|
|
4743.
|
|
|
The upstream cgmanager project is hosted at <ulink url="http://cgmanager.linuxcontainers.org">linuxcontainers.org</ulink>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:212(para)
|
|
|
4744.
|
|
|
The upstream kernel documentation page on cgroups can be seen <ulink url="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/cgroups">here </ulink>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:217(para)
|
|
|
4745.
|
|
|
The freedesktop.org control group usage guidelines can be seen <ulink url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/">here</ulink>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/cgroups.xml:223(para)
|
