What is a cgroup controller?

A controller is a kernel subsystem that accounts for and limits one class of resource — CPU time, memory, block I/O, process count and so on. cgroup v2 attaches controllers to a single unified hierarchy of cgroups.

How do I enable a controller in a child cgroup?

Write the controller name with a + prefix into the parent's cgroup.subtree_control, for example 'echo "+memory +cpu" > cgroup.subtree_control'. A controller is only available to children once the parent delegates it this way.

What is the difference between memory.high and memory.max?

memory.high is a soft throttle: crossing it forces aggressive reclaim but never invokes the OOM killer. memory.max is a hard cap: if reclaim cannot keep usage below it, the kernel OOM-kills a task in the cgroup.

How does cpu.max throttle CPU usage?

cpu.max holds two numbers, '$QUOTA $PERIOD' in microseconds. The cgroup may run for $QUOTA microseconds of CPU time per $PERIOD window. Setting it to '50000 100000' caps the group at half of one CPU.

Is cgroup v1 the same as v2?

No. v1 used a separate hierarchy per controller and different file names. v2 uses one unified hierarchy with consistent .max/.current/.stat naming. Most modern distributions default to v2, though both can be queried at /sys/fs/cgroup.

Linux cgroup v2 Controllers

Control resources with cgroup v2

Control groups (cgroups) let the Linux kernel limit, prioritise and account for the resources a group of processes can use. In the version 2 unified hierarchy, each resource type is handled by a controller — cpu, memory, io, pids, cpuset, hugetlb, rdma and misc — exposed as plain files under /sys/fs/cgroup. This tool lists every controller with its interface files (knobs), showing which are read-only counters and which are writable limits.

How it works

A cgroup is a directory under /sys/fs/cgroup. Inside it you find the interface files for the controllers its parent has delegated. Limits follow a consistent naming scheme: <controller>.max is the hard ceiling, <controller>.current reports live usage, and <controller>.stat gives a detailed breakdown. For a controller to work in a child, the parent must list it in cgroup.subtree_control (written with a + prefix). The cpu and io controllers also support proportional sharing through a weight knob, while cpuset pins tasks to specific CPUs and NUMA nodes. systemd creates and manages most cgroups on a modern system, mapping unit options like MemoryMax= onto memory.max.

Tips and notes

Treat memory.high as your first line of defence — it throttles before the hard memory.max triggers an OOM kill. For I/O throttling, io.max takes per-device entries keyed by MAJ:MIN, so look the device numbers up with lsblk first. Pressure files (*.pressure) expose PSI stall metrics and are invaluable for spotting CPU, memory or I/O contention before it becomes a hang. Always check <controller>.controllers and cgroup.subtree_control if a knob you expect is missing — the controller may simply not be delegated to that cgroup.

Linux cgroup v2 Controllers

Email me this result

Control resources with cgroup v2

How it works

Tips and notes