cgcreate

Create a new [g]roup

$ cgcreate -g [group_type]:[group_name]

$ cgcreate -g [group_type1],[group_type2]:[group_name]

$ mkdir /sys/fs/cgroup/[group_type]/[group_name]/[subgroup_name]

cgcreate
[ -a : ]
[ -t : ]
-g :

-g :
    This mandatory option specifies the comma-separated list of cgroup controllers (e.g., cpu,memory,io) that will be associated with the new cgroup, and the absolute path for the new cgroup within the cgroup hierarchy (e.g., mygroup/subgroup).

-a :
    Sets the ownership (user and group) for the newly created cgroup directory in the cgroup virtual filesystem. This allows specified non-root users and groups to manage files within this cgroup's directory.

-t :
    Sets the ownership (user and group) for the tasks file within the newly created cgroup directory. The tasks file is used to add or remove process PIDs from the cgroup. Setting its permissions allows specific users to manage process assignments to the cgroup.

-h, --help
    Displays a brief help message about the command's usage and options, then exits.

-v, --version
    Shows the version information of the cgcreate utility and exits.

cgcreate is a fundamental utility from the libcgroup tools package, designed to establish new control groups (cgroups) within the Linux kernel's cgroup filesystem. Cgroups provide a powerful mechanism for organizing processes hierarchically and allocating system resources such as CPU, memory, I/O, and network bandwidth among them.

By using cgcreate, administrators can define a new resource management boundary where specific limits, priorities, or isolations can be applied to a collection of processes. The command requires specifying the desired controllers (e.g., cpu, memory, io) that will govern the cgroup, along with its unique path within the cgroup hierarchy. This is an essential first step in setting up granular resource isolation for applications, services, or containers on a Linux system.

Under the hood, cgcreate operates by creating directories and files in the cgroup virtual filesystem (typically mounted at /sys/fs/cgroup), which reflects the cgroup's structure and allows resource parameters to be configured and monitored. It also offers options to set permissions for the newly created cgroup directory and its tasks file, enabling non-root users to manage processes within specific cgroups.

Permissions: Typically, cgcreate requires root privileges to operate, as it directly manipulates kernel-level resources and the cgroup filesystem. While -a and -t allow setting permissions for sub-directories, the initial creation usually needs elevated access.
Kernel Support: The Linux kernel must have cgroup support enabled and the cgroup virtual filesystem must be mounted (usually at /sys/fs/cgroup) for cgcreate to function. Modern distributions usually handle this automatically.
Hierarchy Design: Careful planning is necessary when designing cgroup hierarchies to ensure proper resource isolation and avoid unintended resource starvation or conflicts between groups.

cgcreate's primary action is to create new directories and special files within the mounted cgroup virtual filesystem, typically located at /sys/fs/cgroup. For each controller specified (e.g., cpu, memory), cgcreate establishes the specified path as a subdirectory. This filesystem interface is the direct, low-level way the kernel exposes cgroup functionality, where files within these directories can be read from or written to in order to configure cgroup parameters (e.g., cpu.shares, memory.limit_in_bytes).

The concept of control groups (cgroups) was initially developed by Google engineers in 2006 (first named process containers) and was merged into the Linux kernel in 2007. The libcgroup tools, including cgcreate, were subsequently developed to provide a user-friendly interface for managing cgroups from userspace, abstracting the direct manipulation of the cgroup filesystem. These tools became widely adopted as cgroups solidified their position as a core feature for resource management in Linux distributions, container technologies (like Docker, LXC), and systemd, which uses cgroups heavily for service management.

cgexec(1), cgclassify(1), cgset(1), cgdelete(1), lscgroup(1), lssubsys(1), cgroups(7)