[Optional] cgroup v2
Enabling cgroup v2 is optional.
Enabling cgroup v2 is often needed for running Rootless Containers with limiting the consumption of the CPU, memory, I/O, and PIDs resources,
docker run --memory 32m.
Note that cgroup is not needed for just limiting resources with traditional ulimit and cpulimit, though they work in process-granularity rather than in container-granularity. See here for the further information.
/sys/fs/cgroup/cgroup.controllers is present on your system, you are using v2, otherwise you are using v1.
The following distributions are known to use cgroup v2 by default:
- Fedora (since 31)
- Arch Linux (since April 2021)
- openSUSE Tumbleweed (since c. 2021)
- Debian GNU/Linux (since 11)
- Ubuntu (since 21.10)
- RHEL and RHEL-like distributions (since 9)
Enabling cgroup v2 for containers requires kernel 4.15 or later. Kernel 5.2 or later is recommended.
And yet, delegating cgroup v2 controllers to non-root users requires a recent version of systemd. systemd 244 or later is recommended.
To boot the host with cgroup v2, add the following string to the
GRUB_CMDLINE_LINUX line in
/etc/default/grub and then run
For ubuntu on azure, you should add this in
By default, a non-root user can only get
memory controller and
pids controller to be delegated.
$ cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers memory pids
To allow delegation of other controllers such as
io, run the following commands:
$ sudo mkdir -p /etc/systemd/system/user@.service.d $ cat <<EOF | sudo tee /etc/systemd/system/user@.service.d/delegate.conf [Service] Delegate=cpu cpuset io memory pids EOF $ sudo systemctl daemon-reload
cpuset is recommended as well as
cpuset requires systemd 244 or later.
After changing the systemd configuration, you need to re-login or reboot the host. Rebooting the host is recommended.