linuxlab.io
Tutorials▾
  • Linux & networking
    File system, processes, TCP/IP, BGP and OSPF
    →
  • Terraform & IaC
    HCL, state, plan/apply on a LocalStack sandbox
    →
  • Git & GitHub
    Object model, plumbing, branching, GitHub Actions
    →
All tutorials →
PricingAboutSign inCreate account
/
  • Introduction
  • Lessons
  • How it works
  • Simulator
  • Knowledge base
  • Interview prep
Lessons
Footer
linuxlab-TutorialsPricingAboutPrivacy & cookies
Copyright © 2026 LinuxLab. All rights reserved.

← из прошлого урока

Isolation through namespaces is in your hands. Next come the limits. cgroups v2 is the half of "what a container is" that handles "cpu: 0.5" and "memory: 256m". You will see where they live in the kernel.

← к прошлому уроку

Продвинутый

cgroups v2: where CPU and memory limits live

15 мин · урок входит в курс «Продвинутый»

In the load-average lesson you saw that Docker limits a container's CPU/RAM. But where do those limits live? The answer is cgroups v2, a hierarchical virtual filesystem under /sys/fs/cgroup.

This is a read-only tour. You will see where the current process sits, which limits apply to it, and how the kernel enforces them. Changing limits from inside a container is usually not allowed (it needs SYS_ADMIN plus a cgroup namespace), but you can always read them, and that is important diagnostics in production.

Урок закрыт

Чтобы запустить sandbox и пройти этот урок целиком, нужен соответствующий курс. Внутри - ещё много практических уроков того же уровня и сквозной прогресс.

Купить курсВойти← Все уроки

дальше →

You now see through the container primitives (namespaces + cgroups). Next comes traffic control: tc + netem. You simulate a bad network for chaos testing: RTT, loss, packet duplication.

Открыть превью: tc + netem: simulating a bad networkв курсе «Продвинутый» - /pricing
Footer
linuxlab-
Copyright © 2026 LinuxLab. All rights reserved.
Tutorials
Pricing
About
Privacy & cookies