Practical steps to constrain process memory on Linux using cgroup v2 and v1 tools. 01.01.2026 | reading time: 3 min Cgroups let you control how much memory a group of processes may use; this guide shows how to apply limits, test them, and inspect results so you can stop runaway processes from destabilizing a host. Live demo on modern systems Run a memory-limited process quickly with systemd (cgroup v2): ```bash sudo systemd-run --scope -p MemoryMax=100M /usr/bin/stress --vm 1 --vm-bytes 120M --vm-keep ``` The command launches the `stress` task in a transient scope constrained to 100M; if the task exceeds the limit it will be terminated by the kernel OOM logic for that cgroup; check the transient scope and memory usage with `systemd-cgls` and `journalctl -e` to see the OOM log entries. Legacy approach with libcgroup (cgroup v1) On older or specially configured systems use libcgroup tools: ```bash sudo cgcreate -g memory:/limitgrp sudo cgset -r memory.limit_in_bytes=104857600 limitgrp sudo cgexec -g memory:limitgrp /usr/bin/stress --vm 1 --vm-bytes 120M --vm-keep ``` Inspect the applied limit with `cat /sys/fs/cgroup/memory/limitgrp/memory.limit_in_bytes` which will print a byte value such as `104857600`. Important knobs and behavior Set a hard limit and consider swap accounting: in cgroup v1 also set `memory.memsw.limit_in_bytes` to include swap, while in cgroup v2 use `MemoryMax` and `MemorySwapMax`; remember OOM handling differs between controllers and hierarchical limits cascade from parent to child, so test on a staging host before deploying limits in production. When to use which method Use `systemd-run` on modern distributions with cgroup v2 for quick, robust limits; prefer libcgroup tools where distributions still expose cgroup v1 or for scripting that targets older kernels; for containers, the container runtime usually exposes cgroup settings directly during startup. Related operational tips Monitor memory with `systemd-cgtop` or by reading cgroup files in `/sys/fs/cgroup`, add alerts for OOM events in the host journal, and combine cgroups with CPU and IO limits to avoid resource contention under load. Final note Cgroups are a practical, low-level way to protect a system from greedy processes; practice creating scopes and limits, and then expand to orchestration workflows for real benefit — and if you want structured preparation, consider deepening your Linux skills toward a certification such as CompTIA Linux+ or LPIC-1 with intensive exam prep at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. processes infrastructure utilities virtualization troubleshooting
