Resource Limits and Control Groups Source Code Pointers

Resource limits constrain a process's usage of a specific resource.

The rusage structure, defined in include/uapi/linux/resource.h, constains statistics about process resource usage.

This can be retrieved via the getrusage syscall, which uses the underlying getrusage() function, defined in the kernel/sys.c file.

The rlimit structure, also defined in include/uapi/linux/resource.h, defines the soft and hard limits of a specified resource. The list of IDs for resources governed by resource limits are defined in the include/uapi/asm-generic/resource.h header.

Resource limits can be retrieved with the getrlimit syscall, or set with the setrlimit syscall. Both use the underlying do_prlimit function, and all are defined in the kernel/sys.c file.

Control groups provide a more powerful way to constrain resource usage over a group of processes. These make them ideal for use in container environments. The cgroups v1 and v2 implementations are both still in use, and supported by the Linux kernel infrastructure.

Cgroup functionality is implemented in the kernel/cgroup directory. Of particular interest are the cgroup-v1.c file, which implements most of the functionality of cgroups v1, and the cgroup.c file, which implements most of the cgroups v2 functionality.

The create_new_namespaces() function, which is in the kernel/nsproxy.c file, runs various functions to create new namespaces, depending on the namespace types specified. Relevant to the today's discussion is copy_cgroup_ns() in the kernel/cgroup/namespace.c file, which copies a cgroups namespace to a new one.