Lines Matching refs:cgroup
11 conventions of cgroup v2. It describes all userland-visible aspects
12 of cgroup including core and specific controller behaviors. All
14 v1 is available under :ref:`Documentation/admin-guide/cgroup-v1/index.rst <cgroup-v1>`.
20 1-2. What is cgroup?
70 5.9-1 Miscellaneous cgroup Interface Files
75 5-N-1. CPU controller root cgroup process behaviour
76 5-N-2. IO controller root cgroup process behaviour
100 "cgroup" stands for "control group" and is never capitalized. The
102 qualifier as in "cgroup controllers". When explicitly referring to
106 What is cgroup?
109 cgroup is a mechanism to organize processes hierarchically and
113 cgroup is largely composed of two parts - the core and controllers.
114 cgroup core is primarily responsible for hierarchically organizing
115 processes. A cgroup controller is usually responsible for
121 to one and only one cgroup. All threads of a process belong to the
122 same cgroup. On creation, all processes are put in the cgroup that
124 to another cgroup. Migration of a process doesn't affect already
128 disabled selectively on a cgroup. All controller behaviors are
129 hierarchical - if a controller is enabled on a cgroup, it affects all
131 sub-hierarchy of the cgroup. When a controller is enabled on a nested
132 cgroup, it always restricts the resource distribution further. The
143 Unlike v1, cgroup v2 has only single hierarchy. The cgroup v2
156 is no longer referenced in its current hierarchy. Because per-cgroup
173 automount the v1 cgroup filesystem and so hijack all controllers
178 cgroup v2 currently supports the following mount options.
181 Consider cgroup namespaces as delegation boundaries. This
188 Reduce the latencies of dynamic cgroup modifications such as
191 The static usage pattern of creating a cgroup, enabling
196 Only populate memory.events with data for the current cgroup,
220 Initially, only the root cgroup exists to which all processes belong.
221 A child cgroup can be created by creating a sub-directory::
225 A given cgroup may have multiple child cgroups forming a tree
226 structure. Each cgroup has a read-writable interface file
227 "cgroup.procs". When read, it lists the PIDs of all processes which
228 belong to the cgroup one-per-line. The PIDs are not ordered and the
230 another cgroup and then back or the PID got recycled while reading.
232 A process can be migrated into a cgroup by writing its PID to the
233 target cgroup's "cgroup.procs" file. Only one process can be migrated
239 cgroup that the forking process belongs to at the time of the
240 operation. After exit, a process stays associated with the cgroup
242 zombie process does not appear in "cgroup.procs" and thus can't be
243 moved to another cgroup.
245 A cgroup which doesn't have any children or live processes can be
246 destroyed by removing the directory. Note that a cgroup which doesn't
252 "/proc/$PID/cgroup" lists a process's cgroup membership. If legacy
253 cgroup is in use in the system, this file may contain multiple lines,
254 one for each hierarchy. The entry for cgroup v2 is always in the
257 # cat /proc/842/cgroup
259 0::/test-cgroup/test-cgroup-nested
261 If the process becomes a zombie and the cgroup it was associated with
264 # cat /proc/842/cgroup
266 0::/test-cgroup/test-cgroup-nested (deleted)
272 cgroup v2 supports thread granularity for a subset of controllers to
275 process belong to the same cgroup, which also serves as the resource
283 Marking a cgroup threaded makes it join the resource domain of its
284 parent as a threaded cgroup. The parent may be another threaded
285 cgroup whose resource domain is further up in the hierarchy. The root
295 As the threaded domain cgroup hosts all the domain resource
299 root cgroup is not subject to no internal process constraint, it can
302 The current operation mode or type of the cgroup is shown in the
303 "cgroup.type" file which indicates whether the cgroup is a normal
305 or a threaded cgroup.
307 On creation, a cgroup is always a domain cgroup and can be made
308 threaded by writing "threaded" to the "cgroup.type" file. The
311 # echo threaded > cgroup.type
313 Once threaded, the cgroup can't be made a domain again. To enable the
316 - As the cgroup will join the parent's resource domain. The parent
317 must either be a valid (threaded) domain or a threaded cgroup.
323 Topology-wise, a cgroup can be in an invalid state. Please consider
330 threaded cgroup. "cgroup.type" file will report "domain (invalid)" in
334 A domain cgroup is turned into a threaded domain when one of its child
335 cgroup becomes threaded or threaded controllers are enabled in the
336 "cgroup.subtree_control" file while there are processes in the cgroup.
340 When read, "cgroup.threads" contains the list of the thread IDs of all
341 threads in the cgroup. Except that the operations are per-thread
342 instead of per-process, "cgroup.threads" has the same format and
343 behaves the same way as "cgroup.procs". While "cgroup.threads" can be
344 written to in any cgroup, as it can only move threads inside the same
348 The threaded domain cgroup serves as the resource domain for the whole
350 all the processes are considered to be in the threaded domain cgroup.
351 "cgroup.procs" in a threaded domain cgroup contains the PIDs of all
353 However, "cgroup.procs" can be written to from anywhere in the subtree
354 to migrate all threads of the matching process to the cgroup.
359 threads in the cgroup and its descendants. All consumptions which
360 aren't tied to a specific thread belong to the threaded domain cgroup.
364 between threads in a non-leaf cgroup and its child cgroups. Each
371 Each non-root cgroup has a "cgroup.events" file which contains
372 "populated" field indicating whether the cgroup's sub-hierarchy has
374 the cgroup and its descendants; otherwise, 1. poll and [id]notify
380 in each cgroup::
387 file modified events will be generated on the "cgroup.events" files of
397 Each cgroup has a "cgroup.controllers" file which lists all
398 controllers available for the cgroup to enable::
400 # cat cgroup.controllers
404 disabled by writing to the "cgroup.subtree_control" file::
406 # echo "+cpu +memory -io" > cgroup.subtree_control
408 Only controllers which are listed in "cgroup.controllers" can be
413 Enabling a controller in a cgroup indicates that the distribution of
427 the cgroup's children, enabling it creates the controller's interface
433 "cgroup." are owned by the parent rather than the cgroup itself.
439 Resources are distributed top-down and a cgroup can further distribute
441 parent. This means that all non-root "cgroup.subtree_control" files
443 "cgroup.subtree_control" file. A controller can be enabled only if
454 controllers enabled in their "cgroup.subtree_control" files.
461 The root cgroup is exempt from this restriction. Root contains
464 controllers. How resource consumption in the root cgroup is governed
470 enabled controller in the cgroup's "cgroup.subtree_control". This is
472 populated cgroup. To control resource distribution of a cgroup, the
473 cgroup must create children and transfer all its processes to the
474 children before enabling controllers in its "cgroup.subtree_control"
484 A cgroup can be delegated in two ways. First, to a less privileged
485 user by granting write access of the directory and its "cgroup.procs",
486 "cgroup.threads" and "cgroup.subtree_control" files to the user.
488 cgroup namespace on namespace creation.
494 kernel rejects writes to all files other than "cgroup.procs" and
495 "cgroup.subtree_control" on a namespace root from inside the
506 Currently, cgroup doesn't impose any restrictions on the number of
519 to migrate a target process into a cgroup by writing its PID to the
520 "cgroup.procs" file.
522 - The writer must have write access to the "cgroup.procs" file.
524 - The writer must have write access to the "cgroup.procs" file of the
536 ~ cgroup ~ \ C01
541 currently in C10 into "C00/cgroup.procs". U0 has write access to the
542 file; however, the common ancestor of the source cgroup C10 and the
543 destination cgroup C00 is above the points of delegation and U0 would
544 not have write access to its "cgroup.procs" files and thus the write
567 should be assigned to a cgroup according to the system's logical and
576 Interface files for a cgroup and its children cgroups occupy the same
580 All cgroup core interface files are prefixed with "cgroup." and each
588 cgroup doesn't do anything to prevent name collisions and it's the
595 cgroup controllers implement several resource distribution schemes
635 "io.max" limits the maximum BPS and/or IOPS that a cgroup can consume
642 A cgroup is protected upto the configured amount of the resource
663 A cgroup is exclusively allocated a certain amount of a finite
727 - The root cgroup should be exempt from resource control and thus
765 # cat cgroup-example-interface-file
771 # echo 125 > cgroup-example-interface-file
775 # echo "default 125" > cgroup-example-interface-file
779 # echo "8:16 170" > cgroup-example-interface-file
783 # echo "8:0 default" > cgroup-example-interface-file
784 # cat cgroup-example-interface-file
797 All cgroup core files are prefixed with "cgroup."
799 cgroup.type
803 When read, it indicates the current type of the cgroup, which
806 - "domain" : A normal valid domain cgroup.
808 - "domain threaded" : A threaded domain cgroup which is
811 - "domain invalid" : A cgroup which is in an invalid state.
813 be allowed to become a threaded cgroup.
815 - "threaded" : A threaded cgroup which is a member of a
818 A cgroup can be turned into a threaded cgroup by writing
821 cgroup.procs
826 the cgroup one-per-line. The PIDs are not ordered and the
828 to another cgroup and then back or the PID got recycled while
832 the PID to the cgroup. The writer should match all of the
835 - It must have write access to the "cgroup.procs" file.
837 - It must have write access to the "cgroup.procs" file of the
843 In a threaded cgroup, reading this file fails with EOPNOTSUPP
845 supported and moves every thread of the process to the cgroup.
847 cgroup.threads
852 the cgroup one-per-line. The TIDs are not ordered and the
854 another cgroup and then back or the TID got recycled while
858 TID to the cgroup. The writer should match all of the
861 - It must have write access to the "cgroup.threads" file.
863 - The cgroup that the thread is currently in must be in the
864 same resource domain as the destination cgroup.
866 - It must have write access to the "cgroup.procs" file of the
872 cgroup.controllers
877 the cgroup. The controllers are not ordered.
879 cgroup.subtree_control
885 cgroup to its children.
894 cgroup.events
901 1 if the cgroup or its descendants contains any live
904 1 if the cgroup is frozen; otherwise, 0.
906 cgroup.max.descendants
911 an attempt to create a new cgroup in the hierarchy will fail.
913 cgroup.max.depth
916 Maximum allowed descent depth below the current cgroup.
918 an attempt to create a new child cgroup will fail.
920 cgroup.stat
927 Total number of dying descendant cgroups. A cgroup becomes
928 dying after being deleted by a user. The cgroup will remain
932 A process can't enter a dying cgroup under any circumstances,
933 a dying cgroup can't revive.
935 A dying cgroup can consume system resources not exceeding
936 limits, which were active at the moment of cgroup deletion.
938 cgroup.freeze
942 Writing "1" to the file causes freezing of the cgroup and all
944 be stopped and will not run until the cgroup will be explicitly
945 unfrozen. Freezing of the cgroup may take some time; when this action
946 is completed, the "frozen" value in the cgroup.events control file
950 A cgroup can be frozen either by its own settings, or by settings
952 cgroup will remain frozen.
954 Processes in the frozen cgroup can be killed by a fatal signal.
955 They also can enter and leave a frozen cgroup: either by an explicit
956 move by a user, or if freezing of the cgroup races with fork().
957 If a process is moved to a frozen cgroup, it stops. If a process is
958 moved out of a frozen cgroup, it becomes running.
960 Frozen status of a cgroup doesn't affect any cgroup tree operations:
961 it's possible to delete a frozen (and empty) cgroup, as well as
964 cgroup.kill
968 Writing "1" to the file causes the cgroup and all descendant cgroups to
969 be killed. This means that all processes located in the affected cgroup
972 Killing a cgroup tree will deal with concurrent forks appropriately and
975 In a threaded cgroup, writing this file fails with EOPNOTSUPP as
979 cgroup.pressure
983 Writing "0" to the file will disable the cgroup PSI accounting.
984 Writing "1" to the file will re-enable the cgroup PSI accounting.
987 accounting in a cgroup does not affect PSI accounting in descendants
991 each cgroup separately and aggregates it at each level of the hierarchy.
1024 the root cgroup. Be aware that system management software may already
1026 process, and these processes may need to be moved to the root cgroup
1133 cgroup are tracked so that the total memory consumption can be
1157 The total amount of memory currently being used by the cgroup
1164 Hard memory protection. If the memory usage of a cgroup
1165 is within its effective min boundary, the cgroup's memory
1175 (child cgroup or cgroups are requiring more protected memory
1176 than parent will allow), then each child cgroup will get
1183 If a memory cgroup is not populated with processes,
1191 cgroup is within its effective low boundary, the cgroup's
1201 (child cgroup or cgroups are requiring more protected memory
1202 than parent will allow), then each child cgroup will get
1214 control memory usage of a cgroup. If a cgroup's usage goes
1215 over the high boundary, the processes of the cgroup are
1226 mechanism. If a cgroup's memory usage reaches this limit and
1227 can't be reduced, the OOM killer is invoked in the cgroup.
1246 target cgroup.
1260 the target cgroup. If less bytes are reclaimed than the
1265 memory cgroup. Therefore socket memory balancing triggered by
1274 The max memory usage recorded for the cgroup and its
1275 descendants since the creation of the cgroup.
1281 Determines whether the cgroup should be treated as
1283 all tasks belonging to the cgroup or to its descendants
1284 (if the memory cgroup is not a leaf cgroup) are killed
1291 If the OOM killer is invoked in a cgroup, it's not going
1292 to kill any tasks outside of this cgroup, regardless
1303 hierarchy. For the local events at the cgroup level see
1307 The number of times the cgroup is reclaimed due to
1313 The number of times processes of the cgroup are
1316 cgroup whose memory usage is capped by the high limit
1321 The number of times the cgroup's memory usage was
1323 fails to bring it down, the cgroup goes to OOM state.
1326 The number of time the cgroup's memory usage was
1334 The number of processes belonging to this cgroup
1342 to the cgroup i.e. not hierarchical. The file modified event
1348 This breaks down the cgroup's memory footprint into different
1531 This breaks down the cgroup's memory footprint into different
1557 The total amount of swap currently being used by the cgroup
1564 Swap usage throttle limit. If a cgroup's swap usage exceeds
1568 This limit marks a point of no return for the cgroup. It is NOT
1571 prohibits swapping past a set amount, but lets the cgroup
1580 Swap usage hard limit. If a cgroup's swap usage reaches this
1581 limit, anonymous memory of the cgroup will not be swapped out.
1590 The number of times the cgroup's swap usage was over
1594 The number of times the cgroup's swap usage was about
1619 Zswap usage hard limit. If a cgroup's zswap pool reaches this
1639 throttles the offending cgroup, a management agent has ample
1643 Determining whether a cgroup has enough memory is not trivial as
1657 A memory area is charged to the cgroup which instantiated it and stays
1658 charged to the cgroup until the area is released. Migrating a process
1659 to a different cgroup doesn't move the memory usages that it
1660 instantiated while in the previous cgroup to the new cgroup.
1663 To which cgroup the area will be charged is in-deterministic; however,
1664 over time, the memory area is likely to end up in a cgroup which has
1667 If a cgroup sweeps a considerable amount of memory which is expected
1708 cgroup.
1763 cgroup.
1800 If needed, tools/cgroup/iocost_coef_gen.py can be used to
1811 the cgroup can use in relation to its siblings.
1883 per-cgroup dirty memory states are examined and the more restrictive
1886 cgroup writeback requires explicit support from the underlying
1887 filesystem. Currently, cgroup writeback is implemented on ext2, ext4,
1889 attributed to the root cgroup.
1892 which affects how cgroup ownership is tracked. Memory is tracked per
1894 inode is assigned to a cgroup and all IO requests to write dirty pages
1895 from the inode are attributed to that cgroup.
1897 As cgroup ownership for memory is tracked per page, there can be pages
1901 cgroup becomes the majority over a certain period of time, switches
1902 the ownership of the inode to that cgroup.
1905 mostly dirtied by a single cgroup even when the main writing cgroup
1915 The sysctl knobs which affect writeback behavior are applied to cgroup
1919 These ratios apply the same to cgroup writeback with the
1924 For cgroup writeback, this is calculated into ratio against
1932 This is a cgroup v2 controller for IO workload protection. You provide a group
2011 A single attribute controls the behavior of the I/O priority cgroup policy,
2065 The process number controller is used to allow a cgroup to stop any
2069 The number of tasks in a cgroup can be exhausted in ways which other
2090 The number of processes currently in the cgroup and its
2093 Organisational operations are not blocked by cgroup policies, so it is
2096 processes to the cgroup such that pids.current is larger than
2097 pids.max. However, it is not possible to violate a cgroup PID policy
2099 of a new process would cause a cgroup policy to be violated.
2107 specified in the cpuset interface files in a task's current cgroup.
2125 cgroup. The actual list of CPUs to be granted, however, is
2135 An empty value indicates that the cgroup is using the same
2136 setting as the nearest cgroup ancestor with a non-empty
2147 cgroup by its parent. These CPUs are allowed to be used by
2148 tasks within the current cgroup.
2151 all the CPUs from the parent cgroup that can be available to
2152 be used by this cgroup. Otherwise, it should be a subset of
2164 this cgroup. The actual list of memory nodes granted, however,
2174 An empty value indicates that the cgroup is using the same
2175 setting as the nearest cgroup ancestor with a non-empty
2183 tasks within the cgroup to be migrated to the designated nodes if
2198 this cgroup by its parent. These memory nodes are allowed to
2199 be used by tasks within the current cgroup.
2202 parent cgroup that will be available to be used by this cgroup.
2211 cpuset-enabled cgroups. This flag is owned by the parent cgroup
2222 The root cgroup is always a partition root and its state
2226 When set to "root", the current cgroup is the root of a new
2269 2) The parent cgroup is a valid partition root.
2277 Note that a task cannot be moved to a cgroup with empty
2313 on top of cgroup BPF. To control access to device files, a user may
2361 It exists for all the cgroup except root.
2379 the cgroup except root.
2383 The default value is "max". It exists for all the cgroup except root.
2393 are local to the cgroup i.e. not hierarchical. The file modified event
2398 hugetlb pages of <hugepagesize> in this cgroup. Only active in
2404 The Miscellaneous cgroup provides the resource limiting and tracking
2406 cgroup resources. Controller is enabled by the CONFIG_CGROUP_MISC config
2411 in the kernel/cgroup/misc.c file. Provider of the resource must set its
2424 A read-only flat-keyed file shown only in the root cgroup. It shows
2434 the current usage of the resources in the cgroup and its children.::
2442 maximum usage of the resources in the cgroup and its children.::
2466 The number of times the cgroup's resource usage was
2472 A miscellaneous scalar resource is charged to the cgroup in which it is used
2473 first, and stays charged to that cgroup until that resource is freed. Migrating
2474 a process to a different cgroup does not move the charge to the destination
2475 cgroup where the process has moved.
2485 always be filtered by cgroup v2 path. The controller can still be
2496 CPU controller root cgroup process behaviour
2499 When distributing CPU cycles in the root cgroup each thread in this
2500 cgroup is treated as if it was hosted in a separate child cgroup of the
2501 root cgroup. This child cgroup weight is dependent on its thread nice
2509 IO controller root cgroup process behaviour
2512 Root cgroup processes are hosted in an implicit leaf child node.
2514 account as if it was a normal child cgroup of the root cgroup with a
2524 cgroup namespace provides a mechanism to virtualize the view of the
2525 "/proc/$PID/cgroup" file and cgroup mounts. The CLONE_NEWCGROUP clone
2526 flag can be used with clone(2) and unshare(2) to create a new cgroup
2527 namespace. The process running inside the cgroup namespace will have
2528 its "/proc/$PID/cgroup" output restricted to cgroupns root. The
2529 cgroupns root is the cgroup of the process at the time of creation of
2530 the cgroup namespace.
2532 Without cgroup namespace, the "/proc/$PID/cgroup" file shows the
2533 complete path of the cgroup of a process. In a container setup where
2535 "/proc/$PID/cgroup" file may leak potential system level information
2538 # cat /proc/self/cgroup
2542 and undesirable to expose to the isolated processes. cgroup namespace
2544 creating a cgroup namespace, one would see::
2546 # ls -l /proc/self/ns/cgroup
2547 lrwxrwxrwx 1 root root 0 2014-07-15 10:37 /proc/self/ns/cgroup -> cgroup:[4026531835]
2548 # cat /proc/self/cgroup
2553 # ls -l /proc/self/ns/cgroup
2554 lrwxrwxrwx 1 root root 0 2014-07-15 10:35 /proc/self/ns/cgroup -> cgroup:[4026532183]
2555 # cat /proc/self/cgroup
2558 When some thread from a multi-threaded process unshares its cgroup
2563 A cgroup namespace is alive as long as there are processes inside or
2564 mounts pinning it. When the last usage goes away, the cgroup
2572 The 'cgroupns root' for a cgroup namespace is the cgroup in which the
2574 /batchjobs/container_id1 cgroup calls unshare, cgroup
2576 init_cgroup_ns, this is the real root ('/') cgroup.
2578 The cgroupns root cgroup does not change even if the namespace creator
2579 process later moves to a different cgroup::
2581 # ~/unshare -c # unshare cgroupns in some cgroup
2582 # cat /proc/self/cgroup
2585 # echo 0 > sub_cgrp_1/cgroup.procs
2586 # cat /proc/self/cgroup
2589 Each process gets its namespace-specific view of "/proc/$PID/cgroup"
2591 Processes running inside the cgroup namespace will be able to see
2592 cgroup paths (in /proc/self/cgroup) only inside their root cgroup.
2597 # echo 7353 > sub_cgrp_1/cgroup.procs
2598 # cat /proc/7353/cgroup
2601 From the initial cgroup namespace, the real cgroup path will be
2604 $ cat /proc/7353/cgroup
2607 From a sibling cgroup namespace (that is, a namespace rooted at a
2608 different cgroup), the cgroup path relative to its own cgroup
2609 namespace root will be shown. For instance, if PID 7353's cgroup
2612 # cat /proc/7353/cgroup
2616 its relative to the cgroup namespace root of the caller.
2622 Processes inside a cgroup namespace can move into and out of the
2628 # cat /proc/7353/cgroup
2630 # echo 7353 > batchjobs/container_id2/cgroup.procs
2631 # cat /proc/7353/cgroup
2634 Note that this kind of setup is not encouraged. A task inside cgroup
2637 setns(2) to another cgroup namespace is allowed when:
2640 (b) the process has CAP_SYS_ADMIN against the target cgroup
2643 No implicit cgroup changes happen with attaching to another cgroup
2645 process under the target cgroup namespace root.
2651 Namespace specific cgroup hierarchy can be mounted by a process
2652 running inside a non-init cgroup namespace::
2656 This will mount the unified cgroup hierarchy with cgroupns root as the
2660 The virtualization of /proc/self/cgroup file combined with restricting
2661 the view of cgroup hierarchy by namespace-private cgroupfs mount
2662 provides a properly isolated cgroup view inside the container.
2669 where interacting with cgroup is necessary. cgroup core and
2676 A filesystem can support cgroup writeback by updating
2682 associates the bio with the inode's owner cgroup and the
2693 With writeback bio's annotated, cgroup support can be enabled per
2695 selective disabling of cgroup writeback support which is helpful when
2699 wbc_init_bio() binds the specified bio to its cgroup. Depending on
2715 - The "tasks" file is removed and "cgroup.procs" is not sorted.
2717 - "cgroup.clone_children" is removed.
2719 - /proc/cgroups is meaningless for v2. Use "cgroup.controllers" file
2729 cgroup v1 allowed an arbitrary number of hierarchies and each
2751 It greatly complicated cgroup core implementation but more importantly
2752 the support for multiple hierarchies restricted how cgroup could be
2756 that a thread's cgroup membership couldn't be described in finite
2782 cgroup v1 allowed threads of a process to belong to different cgroups.
2793 cgroup v1 had an ambiguously defined delegation model which got abused
2797 effectively raised cgroup to the status of a syscall-like API exposed
2800 First of all, cgroup has a fundamentally inadequate interface to be
2802 extract the path on the target hierarchy from /proc/self/cgroup,
2809 cgroup controllers implemented a number of knobs which would never be
2811 system-management pseudo filesystem. cgroup ended up with interface
2815 effectively abusing cgroup as a shortcut to implementing public APIs
2826 cgroup v1 allowed threads to be in any cgroups which created an
2827 interesting problem where threads belonging to a parent cgroup and its
2833 mapped nice levels to cgroup weights. This worked for some cases but
2842 cgroup to host the threads. The hidden leaf had its own copies of all
2858 made cgroup as a whole highly inconsistent.
2860 This clearly is a problem which needs to be addressed from cgroup core
2867 cgroup v1 grew without oversight and developed a large number of
2868 idiosyncrasies and inconsistencies. One issue on the cgroup core side
2869 was how an empty cgroup was notified - a userland helper binary was
2878 cgroup. Some controllers exposed a large amount of inconsistent
2881 There also was no consistency across controllers. When a new cgroup
2889 cgroup v2 establishes common conventions where appropriate and updates
2914 reserve. A cgroup enjoys reclaim protection when it's within its
2957 cgroup design was that global or parental pressure would always be
2966 that cgroup controllers should account and limit specific physical