Resource limits constrain a process's usage of a specific resource.
The
rusage
structure, defined in
include/uapi/linux/resource.h,
constains statistics about process resource usage.
This can be retrieved via the
getrusage
syscall, which uses the underlying
getrusage()
function, defined in the
kernel/sys.c
file.
The
rlimit
structure, also defined in
include/uapi/linux/resource.h,
defines the soft and hard limits of a specified resource.
The list of IDs for resources governed by resource limits are defined in the
include/uapi/asm-generic/resource.h
header.
Resource limits can be retrieved with the
getrlimit
syscall, or set with the
setrlimit
syscall. Both use the underlying
do_prlimit
function, and all are defined in the
kernel/sys.c
file.
Control groups provide a more powerful way to constrain resource usage over a group of processes. These make them ideal for use in container environments. The cgroups v1 and v2 implementations are both still in use, and supported by the Linux kernel infrastructure.
Cgroup functionality is implemented in the
kernel/cgroup
directory. Of particular interest are the
cgroup-v1.c
file, which implements most of the functionality of cgroups v1, and the
cgroup.c
file, which implements most of the cgroups v2 functionality.
The
create_new_namespaces()
function, which is in the
kernel/nsproxy.c
file, runs various functions to create new namespaces, depending on the namespace types specified.
Relevant to the today's discussion is
copy_cgroup_ns()
in the
kernel/cgroup/namespace.c
file, which copies a cgroups namespace to a new one.