A cgroup (control group) is a Linux kernel feature that groups processes together so that resources—CPU, memory, I/O bandwidth, number of PIDs—can be accounted and limited per group. Introduced around 2006 and substantially overhauled in cgroups v2 (2016), it is the foundation of modern container runtimes, systemd's service supervision, and many resource-management scenarios.
A cgroup is a node in a filesystem-like hierarchy under /sys/fs/cgroup/. Writing a PID to the cgroup.procs file of a cgroup moves that process into it. Each cgroup has controller files (memory.max, cpu.max, io.weight) that set its limits.
systemd-cgls # tree of cgroups
systemd-cgtop # top-like view by cgroup
cat /sys/fs/cgroup/system.slice/nginx.service/cgroup.procs
systemctl show nginx --property=MemoryCurrent
systemctl set-property nginx MemoryMax=512M
Systemd creates a cgroup per unit automatically, so every service, scope, and slice lives in its own resource-controlled group. Container runtimes like Docker and Podman use cgroups to enforce their per-container limits (--memory, --cpus). Together with namespaces, cgroups are what make Linux containers possible.
Related terms: Linux Namespace, systemd, Container, nice
Discussed in:
- Chapter 13: System Services and systemd — Cgroups and Resource Limits
Also defined in: Textbook of Linux