2
.\"***********************************
4
cgconfig.conf \- libcgroup configuration file
5
.\"***********************************
8
is the configuration file used by
10
to define control groups, their parameters and also mount points.
16
These sections can be in arbitrary order.
17
Any line starting with '#' is considered as comment line and is
29
<controller> = <path>;
40
Name of kernel subsystem. List of subsystems supported by kernel
45
merges all subsystems mounted to the same directory (see
46
Example 1) and the directory is mounted only once.
50
The directory path, where group hierarchy associated to given
51
controller, shall be mounted. The directory is created
52
automatically on cgconfig service startup if it does not exist and
53
is deleted on service shutdown.
68
<param name> = <param value>;
83
Name of the control group. It can contain only characters, which are
84
allowed for directory names.
85
The groups form a tree, i.e. a control group can contain zero or more
86
subgroups. Subgroups can be specified using '/' delimiter.
88
The root control group is always created automatically in all hierarchies
89
and it is the base of the group hierarchy. It can be explicitly specified in
91
file by using '.' as group name. This can be used e.g. to set its permissions,
92
as shown in Example 5.
94
When the parent control group of a subgroup is not specified,
95
then it is created automatically.
99
Permissions of the given control group on mounted filesystem.
101
has always permission to do anything with the control group.
102
Permissions have the following syntax:
131
Name of the user and the group, which owns
133
file of the control group. I.e. this user and members of this
134
group has write access to the file.
136
.B "admin user/group"
137
Name of the user and the group, which owns the rest of control group's
138
files. These users are allowed to set subsystem
139
parameters and create subgroups.
141
Permissions are related only to enclosing control group and are not
142
inherited by subgroups. If there is no
144
section in control group definition,
146
is owner of all files.
150
Name of the kernel subsystem.
152
empty, default kernel parameters will be used in this case. By
155
the control group and all its parents are controlled by the specific
156
subsystem. One control group can be controlled by multiple subsystems,
157
even if the subsystems are mounted to different directories. Each
158
control group must be controlled by at least one subsystem, so
160
knows, in which hierarchies the control group should be created.
162
The parameters of given controller can be modified in following section
163
enclosed in brackets.
167
Name of the file to set. Each controller can have zero or more
171
Value, which should be written to the file when the control group is
175
.\"********************************************"
180
The configuration file:
186
cpu = /mnt/cgroups/cpu;
187
cpuacct = /mnt/cgroups/cpu;
193
creates the hierarchy controlled by two subsystems, with no groups
194
inside. It corresponds to following operations:
198
mkdir /mnt/cgroups/cpu
199
mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
205
The configuration file:
211
cpu = /mnt/cgroups/cpu;
212
cpuacct = /mnt/cgroups/cpu;
269
creates the hierarchy controlled by two subsystems with one group and
270
two subgroups inside, setting one parameter.
271
It corresponds to following operations:
275
mkdir /mnt/cgroups/cpu
276
mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
278
mkdir /mnt/cgroups/cpu/daemons
280
mkdir /mnt/cgroups/cpu/daemons/www
281
chown root:root /mnt/cgroups/cpu/daemons/www/*
282
chown root:webmaster /mnt/cgroups/cpu/daemons/www/tasks
283
echo 1000 > /mnt/cgroups/cpu/daemons/www/cpu.shares
285
mkdir /mnt/cgroups/cpu/daemons/ftp
286
chown root:root /mnt/cgroups/cpu/daemons/ftp/*
287
chown root:ftpmaster /mnt/cgroups/cpu/daemons/ftp/tasks
288
echo 500 > /mnt/cgroups/cpu/daemons/ftp/cpu.shares
294
group is created automatically when its first subgroup is
295
created. All its parameters have the default value and only root can
296
access group's files.
302
subsystems are mounted to the same directory, all
303
groups are implicitly controlled also by
305
subsystem, even if there is no
307
section in any of the groups.
312
The configuration file:
319
cpu = /mnt/cgroups/cpu;
320
cpuacct = /mnt/cgroups/cpuacct;
334
creates two hierarchies and one common group in both of them.
335
It corresponds to following operations:
339
mkdir /mnt/cgroups/cpu
340
mkdir /mnt/cgroups/cpuacct
341
mount -t cgroup -o cpu cpu /mnt/cgroups/cpu
342
mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct
344
mkdir /mnt/cgroups/cpu/daemons
345
mkdir /mnt/cgroups/cpuacct/daemons
349
In fact there are two groups created. One in
351
hierarchy, the second in
353
hierarchy. These two groups have nothing in common and can
354
contain different subgroups and different tasks.
359
The configuration file:
366
cpu = /mnt/cgroups/cpu;
367
cpuacct = /mnt/cgroups/cpuacct;
399
creates two hierarchies with few groups inside. One of groups
400
is created in both hierarchies.
402
It corresponds to following operations:
406
mkdir /mnt/cgroups/cpu
407
mkdir /mnt/cgroups/cpuacct
408
mount -t cgroup -o cpu cpu /mnt/cgroups/cpu
409
mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct
411
mkdir /mnt/cgroups/cpuacct/daemons
412
mkdir /mnt/cgroups/cpu/daemons
413
mkdir /mnt/cgroups/cpu/daemons/www
414
mkdir /mnt/cgroups/cpu/daemons/ftp
419
is created in both hierarchies. In
421
hierarchy the group is explicitly mentioned in the configuration
424
hierarchy is the group created implicitly when
426
is created there. These two groups have nothing in common, for example
427
they do not share processes and subgroups. Groups
433
hierarchy and are not controlled by
439
The configuration file:
445
cpu = /mnt/cgroups/cpu;
446
cpuacct = /mnt/cgroups/cpu;
497
creates the hierarchy controlled by two subsystems with one group with some
499
It corresponds to following operations:
503
mkdir /mnt/cgroups/cpu
504
mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
506
chown root:operator /mnt/cgroups/cpu/*
507
chown root:operator /mnt/cgroups/cpu/tasks
509
mkdir /mnt/cgroups/cpu/daemons
510
chown root:operator /mnt/cgroups/cpu/daemons/*
511
chown root:daemonmaster /mnt/cgroups/cpu/daemons/tasks
515
Users, which are members of the
517
group are allowed to administer the control groups, i.e. create new control
518
groups and can move processes between these groups without having root
523
group can move processes to
525
control group, but they can not move the process out of the group. Only
530
.SS Keep hierarchies separated
531
Having multiple hierarchies is perfectly valid and can be useful
532
in various scenarios. To keeps things clean, do not
533
create one group in multiple hierarchies. Examples 3 and 4 shows,
534
how unreadable and confusing it can be, especially when reading
535
somebody others configuration file.
537
.SS Explicit is better than implicit
539
can implicitly create groups which are needed for creation of
540
configured subgroups. This may be useful and save some typing in
541
simple scenarios. When it comes to multiple hierarchies, it's
542
better to explicitly specify all groups and all controllers
549
.B /etc/cgconfig.conf
551
default libcgroup configuration file
558
Parameter values can be only single string without spaces.
559
Parsing of quoted strings is not implemented.