Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config-linux: clarify cgroup requirements #493

Merged
merged 4 commits into from
Jul 25, 2016
Merged

config-linux: clarify cgroup requirements #493

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9ffd724
config-linux: cleanup cgroup wording
cyphar Jun 10, 2016
0c440a2
config-linux: clarify cgroupsPath
cyphar Jun 8, 2016
4291fd1
config-linux: allow lazy cgroup handling
cyphar Jun 8, 2016
4ed839e
config-linux: add example of cgroup resource limits
cyphar Jul 7, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
config-linux: cleanup cgroup wording 
Some of the wording was a bit clumsy (and incorrect, by conflating
different concepts in control groups as "cgroups").

Signed-off-by: Aleksa Sarai <asarai@suse.de>
  • Loading branch information
@cyphar
cyphar committed Jul 21, 2016
commit 9ffd72407bb67fcf24708f6d8df160aa0334a483
15 changes: 7 additions & 8 deletions config-linux.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,29 +154,28 @@ In addition to any devices configured with this setting, the runtime MUST also s
## Control groups

Also known as cgroups, they are used to restrict resource usage for a container and handle device access.
cgroups provide controls to restrict cpu, memory, IO, pids and network for the container.
cgroups provide controls (through controllers) to restrict cpu, memory, IO, pids and network for the container.
For more information, see the [kernel cgroups documentation][cgroup-v1].

The path to the cgroups can be specified in the Spec via `cgroupsPath`.
`cgroupsPath` can be used to either control the cgroup hierarchy for containers or to run a new process in an existing container.
`cgroupsPath` is expected to be relative to the cgroups mount point.
If `cgroupsPath` is not specified, implementations can define the default cgroup path.
Implementations of the Spec can choose to name cgroups in any manner.
The Spec does not include naming schema for cgroups.
The Spec does not support [split hierarchy][cgroup-v2].
The Spec does not support per-controller paths for the reasons discussed in the [cgroupv2 documentation][cgroup-v2].
The cgroups will be created if they don't exist.

You can configure a container's cgroups via the `resources` field of the Linux configuration.
Do not specify `resources` unless limits have to be updated.
For example, to run a new process in an existing container without updating limits, `resources` need not be specified.

###### Example

```json
"cgroupsPath": "/myRuntime/myContainer"
```

`cgroupsPath` can be used to either control the cgroups hierarchy for containers or to run a new process in an existing container.

You can configure a container's cgroups via the `resources` field of the Linux configuration.
Do not specify `resources` unless limits have to be updated.
For example, to run a new process in an existing container without updating limits, `resources` need not be specified.

#### Device whitelist

`devices` is an array of entries to control the [device whitelist][cgroup-v1-devices].
Expand Down