Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Mounting cgroups inside a docker container

Tags:

linux

docker

linux-kernel

mount

I dockerized a component that follows a process model. The master process forks itself many times. I want to establish a cgroup hierarchy inside the docker container to vary the CPU and memory limit on a per process basis.

Is there a way I can do this without using '--privileged' or 'CAP_SYTEM_ADMIN'?

Is there a way I can make the cgroup that the container belongs to as the root of the cgroup subsytem that I am implementing for the processes? (Divide the resources allocated to the container among the processes).

like image 844
Phelodas Avatar asked Sep 12 '15 01:09

Phelodas

People also ask

How are cgroups used in Docker?

So basically you use cgroups to control how much of a given key resource (CPU, memory, network, and disk I/O) can be accessed or used by a process or set of processes. Cgroups are a key component of containers because there are often multiple processes running in a container that you need to control together.

How can cgroups be used to secure containers?

Cgroups make each container use a fair share of CPU relative to the other containers. This prevents oversubscription on the host VM where one or more containers hog the CPU and leave no computing resources to the others. The way cgroups allocate CPU time is based on shares.

Does Docker use cgroups v2?

Docker supports cgroup v2 since Docker 20.10. Running Docker on cgroup v2 also requires the following conditions to be satisfied: containerd: v1. 4 or later.

What is a container cgroups?

Control groups (cgroups) Cgroups are fundamental blocks of making a container. A cgroup allocates and limits resources such as CPU, memory, network I/O that are used by containers. The container engine automatically creates a cgroup filesystem of each type, and sets values for each container when the container is run.

1 Answers

The conclusion that I came to was that there is no current solution for this since Docker does not support cgroup virtualization nor does the Linux kernel. We need some form of cgroup virtualization in order to implement cgroups inside a container.

lxc does this using a FUSE based solution called lxcfs : https://linuxcontainers.org/lxcfs/introduction/

Also, there is a kernel patch that supports cgroup namespaces which as far as I can see have not been approved : https://lwn.net/Articles/605903/.

like image 104
Phelodas Avatar answered Sep 17 '22 11:09

Phelodas
Sign in to Comment

Related questions

Error using insmod "Could not insert module hello_world.ko: Invalid module format"
Get functions names in a shared library programmatically
Tomcat Server creating Directories in tmp
Linux timestamping for TCP sockets
occasionally missing PTRACE_EVENT_VFORK when running ptrace
How to target Mono framework from VS2015?
BCP Utility Unable to Export Data in Linux Using JAVA:
Loading python support in gdb
Change default C++ standard in g++
Runner is not healthy and will be disabled
Switch GNOME Terminal Profile from the command line
Is there a Python equivalent to Java's AWT Robot class? [closed]
D-Bus threading model
How to prevent SQL injection in MySQL's command-line shell interface?
read, highlight, save PDF programmatically
Can I use Linux/Mono to deploy aspnet web application?
How do I atomically create a locked file in Linux?
Installing PHP in my home directory
GDB won't load source file
IPython keyboard interrupt CTRL + C inconsistent

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!