Cgroup v2

• Simple architecture
  cgroup v2 focuses on simplicity: /sys/fs/cgroup/cpu/$GROUPNAME and /sys/fs/cgroup/memory/$GROUPNAME in v1 are now unified as /sys/fs/cgroup/$GROUPNAME , and a process can no longer join different groups for different controllers. If the process joins foo ( /sys/fs/cgroup/foo ), all controllers enabled for foo will take the control of the process.
• eBPF-oriented
  In cgroup v2, the device access control is implemented by attaching an eBPF program (BPF_PROG_TYPE_CGROUP_DEVICE)to the file descriptor of /sys/fs/cgroup/foo directory.

• rootless containers
  Rootless containers allow running containers as a non-root user on the host to mitigate potential runtime vulnerabilities.

• docker 20 ‘s main new feature is relying on cgroup v2.

cgroup_cpuacct

• command

  apt install libcgroup
  lscgroup
  

• 12 cgroups

  ls -l \sys\fs\cgroup\
  blkio - Block I/O (or) set limits to read/write from/to.
  cpu - Control CPU time using CFS (Completely Fair Scheduler).
  cpuacct - Reports are generated regarding the usage of CPU resources by a process.
  cpuset - Assings inividual CPUs and memory nodes to tasks (in a single cgroup).
  devices - Allow/Deny access to devices.
  freezer - Suspends/Resumes a process.
  hugetlb - Allows/Denys the use of huge pages for a specific group.
  memory - Set limits on usage for memory for a task/process.
  net_cls - Allows to note/mark specific packets from a group.
  net_prio - Set the priority dynamically to the network traffic.
  perf_event - Allows access to a perf events to a group.
  pids - To limit the number of process/tasks from being forked for cloned when a certain limit is reached.