cgexec

Execute a process in a given cgroup with given controller

$ cgexec -g [controller]:[cgroup_name] [process_name]

cgexec [-g controllers:group] [-l] [-k] [-r root_path] [--sticky] command [arguments...]

cgexec --group controllers:group command [arguments...]

-g controllers:group
    Specifies the cgroup(s) for the command. controllers is a comma-separated list of cgroup subsystems (e.g., cpu,memory). group is the path to the cgroup within that hierarchy.

--group controllers:group
    Equivalent to -g.

-l
    Lists all available cgroups and their controllers.

-k
    Kills all tasks in the specified cgroup(s) when cgexec exits. Use with caution.

-r root_path
    Specifies an alternative cgroup filesystem root directory.

--sticky
    Makes the executed command and its children 'sticky', meaning they will remain in the cgroup even if they fork or exec new processes, unless explicitly moved.

command
    The command to be executed within the specified cgroup.

[arguments...]
    Arguments passed to the executed command.

The cgexec command executes a specified command within a designated Linux control group (cgroup). Cgroups provide a mechanism for organizing processes hierarchically and distributing system resources along that hierarchy. cgexec allows administrators to precisely control the resources (CPU, memory, I/O, etc.) consumed by a particular application or set of processes by placing them into an isolated cgroup. This is crucial for resource management, workload isolation, performance optimization, and preventing resource starvation among different services or users on a system. It ensures that critical applications receive the necessary resources while limiting others, contributing to system stability and predictability. cgexec is a fundamental tool for managing complex resource allocation scenarios.

The cgroup filesystem must be mounted for cgexec to function correctly. Permissions are critical; typically, root privileges are required to create or modify cgroups. Existing cgroups must be defined or created using tools like cgcreate beforehand. Understanding the cgroup hierarchy and controller specifics is essential for correct usage. cgexec primarily interacts with cgroup v1; cgroup v2 (unified hierarchy) adoption, often managed by systemd, can alter cgroup management paradigms.

To run a stress command within a cgroup named mygroup under the cpu and memory controllers, you would first ensure the cgroup exists (e.g., using cgcreate -g cpu,memory:/mygroup), and then execute:

cgexec -g cpu,memory:/mygroup stress -c 2 --vm 1 --vm-bytes 100M

This command would allocate two CPU stressors and one memory stressor (100MB) to the mygroup cgroup, allowing its resource consumption to be monitored and limited independently from other processes on the system.

cgexec is part of the libcgroup tools suite, which provides a user-space interface for managing Linux control groups. Cgroups were initially introduced into the Linux kernel around version 2.6.24. The libcgroup project developed these utilities to offer a standardized way for system administrators and applications to interact with the kernel's cgroup functionality. While cgroup v1 remains widely used with these tools, the Linux ecosystem is gradually moving towards cgroup v2, managed primarily by systemd, which might influence the long-term relevance or specific use cases of libcgroup tools like cgexec.

cgcreate(1), cgset(1), cgget(1), cgclassify(1), cgroups(7)