cgroups
Definition
Control Groups (cgroups) are a Linux kernel feature that allocates and manages system resources such as CPU, memory, disk I/O, and network bandwidth for a collection of processes. By organizing processes into hierarchical groups, cgroups give fine-grained control over how resources are distributed, so they are used efficiently and no single process can monopolize them. This is crucial for maintaining system stability and performance.
Secure Settings Example
# Create a cgroup for limiting CPU usage (cgroup v1 layout; on cgroup v2 the
# equivalent knob is the single cpu.max file)
cgcreate -g cpu:/secure_group
# Limit the CPU usage to 50% of a single core: a 100 ms period with a 50 ms quota
echo 100000 > /sys/fs/cgroup/cpu/secure_group/cpu.cfs_period_us
echo 50000 > /sys/fs/cgroup/cpu/secure_group/cpu.cfs_quota_us
# Assign a process to the cgroup
cgclassify -g cpu:/secure_group <PID>
Insecure Settings Example
# Create a cgroup without any resource limits
cgcreate -g cpu:/insecure_group
# cpu.cfs_quota_us keeps its kernel default of -1 (no quota), so processes in
# this group may consume all CPU resources and starve other processes
cgclassify -g cpu:/insecure_group <PID>
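The two examples above can be scripted and audited. The following shell functions are an added example, not code from the original page; they assume the cgroup v1 CPU controller layout shown above and read the hierarchy root from CGROUP_ROOT, so they can be exercised against a scratch directory as well as the real /sys/fs/cgroup/cpu.

```shell
#!/bin/sh
# Added example, not code from the original page. Assumes the cgroup v1 CPU
# controller layout used above; CGROUP_ROOT can point at a scratch directory.
CGROUP_ROOT="${CGROUP_ROOT:-/sys/fs/cgroup/cpu}"

# set_cpu_limit GROUP PERCENT: create GROUP (mkdir on cgroupfs creates a
# cgroup, like cgcreate) and cap it at PERCENT of one core via CFS bandwidth.
set_cpu_limit() {
    group="$1"; percent="$2"
    case "$percent" in
        ''|*[!0-9]*) echo "percent must be an integer" >&2; return 2 ;;
    esac
    if [ "$percent" -lt 1 ] || [ "$percent" -gt 100 ]; then
        echo "percent must be 1..100" >&2; return 2
    fi
    dir="$CGROUP_ROOT/$group"
    mkdir -p "$dir" || return 1
    period=100000                        # 100 ms scheduling period
    quota=$(( period * percent / 100 ))  # 50% -> 50000 us of runtime per period
    echo "$period" > "$dir/cpu.cfs_period_us" || return 1
    echo "$quota" > "$dir/cpu.cfs_quota_us" || return 1
}

# cpu_limit_percent GROUP: print the cap as a percentage of one core, or
# "unlimited" (exit 1) when the quota is still the kernel default of -1.
cpu_limit_percent() {
    dir="$CGROUP_ROOT/$1"
    quota=$(cat "$dir/cpu.cfs_quota_us" 2>/dev/null) || { echo "missing"; return 1; }
    period=$(cat "$dir/cpu.cfs_period_us" 2>/dev/null) || { echo "missing"; return 1; }
    if [ "$quota" -lt 0 ] || [ "$period" -le 0 ]; then
        echo "unlimited"; return 1
    fi
    echo $(( quota * 100 / period ))
}

# audit_cpu_limits: list every child group under CGROUP_ROOT that has no CPU
# quota, i.e. groups configured like the insecure example.
audit_cpu_limits() {
    for dir in "$CGROUP_ROOT"/*/; do
        [ -d "$dir" ] || continue
        g=$(basename "$dir")
        [ "$(cpu_limit_percent "$g")" = "unlimited" ] && echo "$g"
    done
    return 0
}
```

On a real host, run as root with the default CGROUP_ROOT: `set_cpu_limit secure_group 50` reproduces the secure example and `audit_cpu_limits` reports any group left at the insecure default.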