7

I've been reading about cgroups because I want to create a resource-limited sandbox on an embedded linux machine. As I understand it, given a binary that we want to run in isolation we can launch it as a member of some cgroup that we define. We can also move currently running processes into some cgroup.

But from googling and looking through the Red Hat cgroups tutorial, it isn't clear to me if I can create a new user (or user group) and say "I want all processes spawned by user A to be placed in this and this cgroup automatically".

For example, I'd like to allow clients to ssh user_x@mymachine and have all processes created during the ssh session assigned to some cgroup. Is this possible?

Benjamin Lindqvist
  • 351
  • 2
    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/sec-Moving_a_Process_to_a_Control_Group.html section 2.8.1 concerning the cgred service answers my question I think... – Benjamin Lindqvist Feb 27 '17 at 22:21

1 Answers1

1

I think an answer is still useful here (despite this question being more than 2 years old) and what I could suggest it checking the cgred daemon to define control group rules matching specific usernames and controllers:

https://linuxaria.com/article/introduction-to-cgroups-the-linux-conrol-group

pevogam
  • 153