Frequently Asked Question
What are cgroups and what changed in cgroups v2?
Control groups (cgroups) are the kernel mechanism that puts limits on what a group of processes is allowed to consume: how much CPU time, how much memory, how much I/O bandwidth, how many processes, how many open files. Namespaces decide what a process can see; cgroups decide what it can use. Without cgroups, a container with a memory leak would happily eat the whole host; with them, the offending container is killed by the OOM killer and its neighbours carry on.
Cgroups v1, the original design from 2007, had a separate hierarchy for each controller (memory, cpu, blkio, pids) and a long history of corner cases where the controllers interacted badly. Cgroups v2, stable since kernel 4.5 (2016) and the default on every mainstream distribution today, replaces that with a single unified hierarchy: every process belongs to exactly one cgroup, and the controllers all attach to the same tree. It also adds a much cleaner pressure-stall-information interface (/proc/pressure/) that lets you see whether processes are waiting for CPU, memory, or I/O. Container runtimes use v2 exclusively on modern systems; v1 is being phased out of distributions.
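To check which layout a host or container is actually on, the membership file /proc/<pid>/cgroup and the PSI files can be parsed directly. The following is an added example, not part of the original FAQ: it classifies the membership file as v1, v2, or a mix of both (a case that goes beyond what the answer above covers) and parses the PSI text format. The sample strings, the cgroup paths in them, and the 10 percent threshold are constructed assumptions.

```python
"""Added example: classify cgroup membership and parse PSI output."""

def cgroup_mode(proc_cgroup: str) -> str:
    """Classify /proc/<pid>/cgroup text as 'v2', 'v1' or 'hybrid'.

    Each line is hierarchy-ID:controller-list:path. The v2 unified
    hierarchy always appears as ID 0 with an empty controller list.
    """
    has_v2 = has_v1 = False
    for line in proc_cgroup.strip().splitlines():
        hier_id, controllers, _path = line.split(":", 2)
        if hier_id == "0" and controllers == "":
            has_v2 = True
        else:
            has_v1 = True
    if not (has_v2 or has_v1):
        raise ValueError("no cgroup entries found")
    if has_v2 and has_v1:
        return "hybrid"
    return "v2" if has_v2 else "v1"

def parse_psi(text: str) -> dict:
    """Parse a PSI file such as /proc/pressure/memory into nested dicts."""
    out = {}
    for line in text.strip().splitlines():
        kind, *fields = line.split()          # kind is 'some' or 'full'
        stats = dict(f.split("=", 1) for f in fields)
        out[kind] = {k: (int(v) if k == "total" else float(v))
                     for k, v in stats.items()}
    return out

def under_pressure(psi: dict, threshold: float = 10.0) -> bool:
    """True if some task was stalled more than `threshold` percent of the last 10 s."""
    return psi.get("some", {}).get("avg10", 0.0) > threshold

# Constructed samples, not captured from a real host.
SAMPLE_V2 = "0::/system.slice/docker-abc123.scope\n"
SAMPLE_V1 = ("12:memory:/docker/abc123\n11:pids:/docker/abc123\n"
             "1:name=systemd:/docker/abc123\n")
SAMPLE_HYBRID = SAMPLE_V1 + "0::/docker/abc123\n"
SAMPLE_PSI = ("some avg10=23.40 avg60=11.02 avg300=3.15 total=48123456\n"
              "full avg10=8.10 avg60=4.00 avg300=1.20 total=17654321\n")

if __name__ == "__main__":
    for sample in (SAMPLE_V2, SAMPLE_V1, SAMPLE_HYBRID):
        print(cgroup_mode(sample))
    psi = parse_psi(SAMPLE_PSI)
    print(psi["some"], "under pressure:", under_pressure(psi))
```

On a live system, pass the contents of /proc/self/cgroup and /proc/pressure/memory to the same functions.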