[Optional] cgroup v2
Enabling cgroup v2 is optional.
Enabling cgroup v2 is often needed for running Rootless Containers with limiting the consumption of the CPU, memory, I/O, and PIDs resources,
docker run --memory 32m.
Note that cgroup is not needed for just limiting resources with traditional ulimit and cpulimit, though they work in process-granularity rather than in container-granularity. See here for the further information.
/sys/fs/cgroup/cgroup.controllers is present on your system, you are using v2, otherwise you are using v1.
As of October 2020, Fedora (since 31) is the only well-known distribution that uses cgroup v2 by default.
Enabling cgroup v2 for containers require kernel 4.15 or later. Kernel 5.2 or later is recommended.
And yet, delegating cgroup v2 controllers to non-root users requires the recent version of systemd. systemd 244 or later is recommended.
To boot the host with cgroup v2, add the following string to the
GRUB_CMDLINE_LINUX line in
/etc/default/grub and then run
By default, a non-root user can only get
memory controller and
pids controller to be delegated.
$ cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers memory pids
To allow delegation of other controllers such as
io, run the following commands:
$ sudo mkdir -p /etc/systemd/system/user@.service.d $ cat <<EOF | sudo tee /etc/systemd/system/user@.service.d/delegate.conf [Service] Delegate=cpu cpuset io memory pids EOF $ sudo systemctl daemon-reload
cpuset is recommended as well as
cpu, but delegating
cpuset requires systemd 244 or later.