How can I create and use Linux cgroups as a non-root user?
Solution 1
You can't do that as a normal user. But you can setup a cgroup as root, and make it configurable by your user.
If you do not already have the default cgroups controllers mounted by e.g. systemd:
$ sudo mount -t tmpfs cgroup_root /sys/fs/cgroup
$ sudo mkdir /sys/fs/cgroup/cpuset
$ sudo mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset
Create a cgroup:
$ sudo mkdir /sys/fs/cgroup/cpuset/${USER}
$ sudo chown -R ${USER} /sys/fs/cgroup/cpuset/${USER}
You can now modify the configuration of your cgroup as a normal user:
$ echo 0-3 > /sys/fs/cgroup/cpuset/${USER}/cpuset.cpus
Add a process to that group:
$ ./my_task &
$ echo $! > /sys/fs/cgroup/cpuset/${USER}/tasks
Or create a subgroup:
$ mkdir /sys/fs/cgroup/cpuset/${USER}/subgroup
$ echo 0-1 > /sys/fs/cgroup/cpuset/${USER}/subgroup/cpuset.cpus
$ ./my_other_task &
$ echo $! > /sys/fs/cgroup/cpuset/${USER}/subgroup/tasks
Solution 2
If you're using Ubuntu you (the root user) can install cgroup-lite and add what you need to /etc/cgconfig.conf, including which user(s) can change the cgroup's configuration. It runs on boot.
Failing that you (the root user) could add your own script to run during boot.
Related videos on Youtube
Adam Monsen
Stoked about FLOSS. Seeking the truth. Kind. Head of Engineering at C-SATS, Inc. SeaGL founder.
Updated on September 18, 2022Comments
-
Adam Monsen almost 2 years
How can I create and use cgroups as a non-root user?
For example, can I, entirely as a non-root user:
- create a cgroup with access to one CPU
- create a new process in that cgroup
?
I first asked here but I didn't receive a complete answer. I also asked on stackoverflow, but the question was closed as off topic.
-
chris almost 11 yearsThat link for part 1 should probably point to lwn.net/Articles/531114 instead.
-
hbogert about 8 yearshow would you delete the subgroup?
rm -r
fails for me -
Dennis B. about 8 yearsThe linked LWN article is about namespaces, lwn.net/Articles/604609 is about cgroups.
-
Mike S over 6 yearsYou cannot
rmdir
until thetasks
file is empty. root would need to look at the tasks file in the subgroup, and echo each pid there into the root cgroup's tasks file (/dev/cpuset/tasks
on my RHEL 6.7 [kernel 2.6.32-358] box, but it looks like/sys/fs/cgroup/cpuset/tasks
might by appropriate here). -
Michael Hampton almost 3 yearsInteresting. What distributions did this fail on?
-
Mikko Rantalainen almost 3 yearsI'm currently running Ubuntu 18.04 LTS. I know it used to fail with older versions, too, but I haven't tested if it works in more recent version. It appears that it's missing fixes to bug github.com/systemd/systemd/issues/9512 – note that without
sudo
you probably don't want--scope
but--pty
. -
Michael Hampton almost 3 yearsWorks for me on 248, no sudo or --pty needed. I wonder why Ubuntu hasn't backported it? Did nobody open a bug in launchpad?
-
Mikko Rantalainen almost 3 yearsIt seems that the problem was the hack called
snap
by Canonical. It didn't supportcgroupv2
until recently so Ubuntu postponed the switch untilsnap
could work with newer API. This should work with Ubuntu 21.10 or greater according to documentation. -
Mikko Rantalainen almost 3 yearsIf
mount | grep cgroupv2
outputs something, you're running recent enough system.