What is cgroups (control groups) in Linux?

cgroups (control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage of collections of processes. It's the foundation of containers (Docker, Kubernetes) and resource management on Linux. Key capabilities: (1) Resource limiting: set maximum CPU, memory, disk I/O, network bandwidth for a group of processes; (2) Prioritization: allocate resources proportionally among groups; (3) Accounting: measure resource usage per group for billing and monitoring; (4) Control: freeze, checkpoint, restart a group of processes. cgroup subsystems (controllers): cpu — CPU time allocation and throttling; memory — RAM and swap limits; cpuacct — CPU usage accounting; blkio — block device I/O rates and limits; net_cls/net_prio — network traffic classification; pids — limit number of processes; devices — allow/deny device access; freezer — suspend/resume groups. cgroups v1 vs v2: v1 (legacy) — each controller has its own hierarchy, complex; v2 (unified hierarchy, Linux 4.5+) — single unified hierarchy for all controllers, cleaner design. Docker and Kubernetes moving to v2. Docker container limits via cgroups: docker run --memory=512m --cpus=1.5 --blkio-weight=700 myapp. Internally: echo 536870912 > /sys/fs/cgroup/memory/docker/[id]/memory.limit_in_bytes. systemd and cgroups: systemd uses cgroups v2 to manage service resources. Every service is a cgroup. systemctl set-property sshd.service MemoryMax=256M CPUQuota=10%. kubernetes resource limits: translate to cgroup settings on each node: CPU limits → cpu.cfs_period_us + cpu.cfs_quota_us; Memory limits → memory.limit_in_bytes.