But mainly containers
modprobe in IaaS
Token bucket filter
rlimit system calls
Hierarchical token bucket
$ sudo chroot container0/
(version 2.4.19)
(version 2.6.24)
$ sudo unshare --fork --pid --mount-proc bash
$ htop
$ sudo apt install cgroup-tools
$ sudo cgcreate -a <user> -g pids:mygroup
$ sudo cgexec -g pids:mygroup bash
# mkdir -p /sys/fs/cgroup/pids/parent/child
# echo 2 > /sys/fs/cgroup/pids/parent/pids.max
# echo $$ > /sys/fs/cgroup/pids/parent/cgroup.procs
# cat /sys/fs/cgroup/pids/parent/pids.current
# echo "Here's some processes for you." | cat
$ sudo cgdelete -g pids:mygroup
User Space
Kernel Space
Request
Handler
Server
Socket
Client
Socket
Server
Socket
Request
Response
Request
Response
Kernel
Kernel
Kernel*
VM hypervisor (IaaS)
PUT
PUT
POST
POST
GET
GET
RESTful API from A
RESTful API from B