Linux
    Overview
    Process
    Sockets
    File
    File System Hierarchy
    System Calls
    Libraries
    Device
    systemd
    Service
    namespaces
    Memory
    Modules
    Signals
    System Monitoring
    Desktop Environment
    Users and Groups
    Logs
    Network
    Terminal
    GNU

Namespaces

Updated: 2022-10-09

A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.

There are 7 namespaces in Linux:

  • Cgroup: cgroup = control group. Resource limiting, prioritization, accounting and control.
  • IPC: Inter-process Communication
  • Network: Network devices, ports, etc.
  • Mount: Mount points (of file systems)
  • PID: Process IDs
  • User: User and group IDs
  • UTS: UNIX Timesharing System, named after the data structure used to store info returned by uname system call. Isolates hostname and NIS domain name.

cgroup

  • cgroup ≡ control group
  • System for resource management on Linux
  • Directory hierarchy at /sys/fs/cgroup
  • Limit, throttle, and account for resource usage per control group
  • Each resource interface is provided by a controller
  • Used to constrain resources that are allocated to processes.

When systemd is chosen as the init system for a Linux distribution, the init process generates and consumes a root control group (cgroup) and acts as a cgroup manager. systemd has a tight integration with cgroups and allocates a cgroup per systemd unit.

cgroup v1 vs cgroup v2

cgroupv1 has a hierarchy per-resource (resource = cpu, devices, memory, pids, etc):

  • Separate hierarchy/cgroups for each resource
  • cgroups can be nested inside each other
  • Limits and accounting are performed per-cgroup
  • One PID is in exactly one cgroup per resource
/sys/fs/cgroup => resource => cgroup => pid

cgroupv2 has a unified hierarchy, Each cgroup can support multiple resource domains.

  • cgroups are "global": not limited to one resource
  • Resources are now opt-in for cgroups
  • Granularity at TGID (PID), not TID level
  • Focus on simplicity/clarity over ultimate flexibility
/sys/fs/cgroup => cgroup => (cgroup) => pid => (resource)

Identify the cgroup version on Linux Nodes

To check which cgroup version your distribution uses:

stat -fc %T /sys/fs/cgroup/
  • For cgroup v2, the output is cgroup2fs.
  • For cgroup v1, the output is tmpfs.

To check the layout:

ls /sys/fs/cgroup