cgm Man page

CGM(1) User Commands CGM(1)


cgm – a client script for cgmanager


cgm is a client script to simplify making requests of the cgroup man‐
ager. It simply calls dbus-send to send requests to the running cgman‐
ager or cgproxy.


cgm ping

cgm create

cgm chown uid gid

cgm chmod mode

cgm chmodfile file mode

cgm remove [0|1]

cgm getpidcgroup pid

cgm getpidcgroupabs pid

cgm movepid pid

cgm movepidabs pid

cgm getvalue file

cgm setvalue file value

cgm gettasks

cgm gettasksrecursive

cgm listchildren

cgm removeonempty

cgm prune

cgm listcontrollers

cgm listkeys

cgm apiversion

Replace ‘‘ with the desired controller, i.e. mem‐
ory, and ‘‘ with the desired cgroup, i.e. x1. For cre‐
ate, chown, chmod, remove, prune, remove_on_empty, gettasksre‐
cursive and movepid, may be “all” or a comma-sepa‐
rated set of cgroups. Remove by default is recursive, but
adding ‘0’ as the last argument will perforn non-recursive dele‐
tion. Adding ‘1’ is supported for legacy reasons.

To refer to the current cgroup, use ”.

In order to protect the host from root in containers, cgmanager locks
prevents tasks from administering cgroups which are not under their
own. The exceptions are that root in a container may escape up to the
cgroup of its cgproxy, and root on the host may escape to the root

This means that a user in freezer cgroup /foo cannot list cgroups in /.
However, as root he can use movepidabs to escape to /, then list
cgroups in /.

To create a new cgroup called foo and move your shell into it, you
could do:

sudo cgm create all foo
sudo cgm chown all foo $(id -u) $(id -g)
cgm movepid all foo $$

Then to freeze that cgroup,

cgm setvalue freezer foo freezer.state FROZEN



cgm 0.29 January 2016 CGM(1)