CGRULES.CONF(5) | libcgroup Manual | CGRULES.CONF(5) |
cgrules.conf - libcgroup configuration file
cgrules.conf configuration file is used by libcgroups to define control groups to which a process belongs.
The file contains a list of rules which assign to a defined group/user a control group in a subsystem (or control groups in subsystems).
Rules have two formats:
<user> <controllers> <destination>
<user>:<process name> <controllers> <destination>
Where:
user can be:
- a user name
- a group name with @group syntax
- the wildcard '*', for any user or group
- '%', which is equivalent to "ditto" (useful for
multi-line rules where different cgroups need to be
specified for various hierarchies for a single user)
process name is optional and it can be:
- a process name
- a full command path of a process
controllers can be:
- comma separated controller names (no spaces) or
- * (for all mounted controllers)
destination can be:
First rule which matches the criteria will be executed.
- path relative to the controller hierarchy (ex. pgrp1/gid1/uid1)
- following strings called "templates" and will get expanded
%u uid
%U username, uid if name resolving fails
%g gid
%G group name, gid if name resolving fails
%p pid
%P process name, pid if name not available
'\' can be used to escape '%'
Any text starting with '#' is considered as a start of comment line and is ignored.
If the destination contains template string, the control group can be created on-fly. In time when some process wants to use the template rule which leads to control group (see cgexec (1)) and the control group does not exist, the group is created. The template control group parameters can be specified in cgconfig.conf configuration file. See (cgconfig.conf (5)). If the template definition is not found there created group have default kernel setting.
To create a hierarchy of configuration files, use /etc/cgrules.d directory.
student devices /usergroup/students
Student's processes in the 'devices' subsystem belong to the control group /usergroup/students.
student:cp devices /usergroup/students/cpWhen student executes 'cp' command, the processes in the 'devices' subsystem belong to the control group /usergroup/students/cp.
@admin * admingroup/Processes started by anybody from admin group no matter in what subsystem belong to the control group admingroup/.
peter cpu test1/ % memory test2/The first line says Peter's task for cpu controller belongs to test1 control group. The second one says Peter's tasks for memory controller belong to test2/ control group.
* * default/All processes in any subsystem belong to the control group default/. Since the earliest matched rule is applied, it makes sense to have this line at the end of the list. It will put a task which was not mentioned in the previous rules to default/ control group.
@students cpu,cpuacct students/%uProcesses in cpu and cpuacct subsystems started by anybody from students group belong to group students/name. Where "name" is user name of owner of the process.
cgconfig.conf (5), cgclassify (1), cgred.conf (5), cgrules.d (5)
2009-03-10 | Linux |