Cgroups (control groups) is a Linux kernel feature used to allocate hardware resources among processes. It allows grouping tasks into hierarchical structures and applying management policies to them. While namespaces isolate what a process can see, cgroups control what a process can actually consume.
How it works
Management is performed via a virtual file system, typically located at /sys/fs/cgroup. The kernel provides specific controllers for various resource types:
cpu— limits scheduler shares or execution time;memory— sets limits on RAM and swap usage;blkio— enforces quotas on disk read/write throughput.
This technology is fundamental to containerization. For instance, Docker relies on cgroups to ensure a single container cannot exhaust the host's memory and trigger the OOM Killer for adjacent processes. In cgroup v2, a unified hierarchy was introduced, resolving resource controller conflicts that were prevalent in the original implementation.