Use process path in cgroups

AmirSalimi

I have a problem with cgroups. I want to limit network traffic of processes based on their process path, not pid. My problem is that some of those processes are not running and maybe they will run later. So I don't have any pid to add in cgroups. What should I do?
 


I want to limit network traffic of processes based on their process path, not pid
Which filtering platform (firewall) do you use to filter packets?

My problem is that some of those processes are not running and maybe they will run later. So I don't have any pid to add in cgroups.

This means they're in "interruptible sleep (waiting for an event to complete)"

This means that the code instructions of this process are not being executed on the CPU. Instead, this process is waiting for something - an event or a condition - to happen. When an event happens, the kernel sets the state to running.

Processes that are in interruptible sleep mode do have a PID, how did you determine they don't?

You can verify that each process has a PID and path by running:
Bash:
ps -e e
 
Which filtering platform (firewall) do you use to filter packets?



This means they're in "interruptible sleep (waiting for an event to complete)"



Processes that are in interruptible sleep mode do have a PID, how did you determine they don't?

You can verify that each process has a PID and path by running:
Bash:
ps -e e
Thank you for your answer. I use nftables for firewall. And no, I didn't mean processes that are in "interrupted sleep" mode. For example, you have 'wget' on your system, let's say its path is '/usr/sbin/wget'. You didn't call it, so there is no such process. But I need to restrict its network from specific IP. In cgroups I need pid to do this using nftables. But I don't have it because it doesn't exist. What should I do in this case?
 
The choice of controllers for cgroups on this machine is here:
Code:
[tom@min /sys/fs/cgroup]$ cat cgroup.controllers
cpuset cpu io memory hugetlb pids rdma misc
If it's not going to be pids, then the others are available. How they can be used, I can't say though.
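
The distinction this thread turns on, shown as an added example (not code from any poster): a sleeping process still has a PID and a cgroup, while a binary that has not been started, like the `/usr/sbin/wget` case above, matches nothing. The function name `pids_for_exe` is made up for this example; it only reads the standard Linux `/proc/<pid>/exe`, `status` and `cgroup` files.

```bash
#!/usr/bin/env bash
# Added example: map an executable path to the processes currently running it.
# For each match print: PID, scheduler state, cgroup v2 path.

pids_for_exe() {
    # $1 = path to an executable (symlinks are resolved first).
    # Returns 0 if at least one process runs it, 1 if none, 2 if the path is bad.
    local target dir pid exe state cgroup found=1
    target=$(readlink -f "$1") || return 2
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        # /proc/<pid>/exe is unreadable for kernel threads, for processes that
        # exited mid-scan, and for other users' processes without privileges.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        # A binary replaced on disk while running shows as "<path> (deleted)".
        [ "${exe% (deleted)}" = "$target" ] || continue
        # State letter from /proc/<pid>/status: R running, S interruptible
        # sleep, D uninterruptible sleep, T stopped, Z zombie.
        state=$(awk '/^State:/ { print $2; exit }' "$dir/status" 2>/dev/null) || state=
        # The cgroup v2 membership line has the form "0::<path>".
        cgroup=$(sed -n 's/^0:://p' "$dir/cgroup" 2>/dev/null) || cgroup=
        printf '%s %s %s\n' "$pid" "${state:-?}" "${cgroup:--}"
        found=0
    done
    return "$found"
}

# Usage when run directly: ./pids_for_exe.sh /usr/sbin/wget
if [ "$#" -gt 0 ]; then
    pids_for_exe "$1" || echo "no running process for $1 (status $?)" >&2
fi
```

An exit status of 1 with no output is the situation described in the question: the executable exists on disk, but there is no PID yet to place in a cgroup.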
 
