> For the complete documentation index, see [llms.txt](https://philipzheng.gitbook.io/docker_practice/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://philipzheng.gitbook.io/docker_practice/security/control_group.md). # 控制組 控制組是 Linux 容器機制的另外一個關鍵元件,負責實作資源的統計和限制。 它提供了很多有用的特性;以及確保各個容器可以公平地分享主機的記憶體、CPU、磁碟 IO 等資源;當然,更重要的是,控制組確保了當容器內的資源使用產生負載時不會連累主機系統。 盡管控制組不負責隔離容器之間相互存取、處理資料和程式,它在防止分散式阻斷服務(DDOS)攻擊方面是必不可少的。尤其是在多使用者的平台(比如公有或私有的 PaaS)上,控制組十分重要。例如,當某些應用程式表現異常的時候,可以保證一致地正常執行和效能。 控制組機制始於 2006 年,核心從 2.6.24 版本開始被引入。 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://philipzheng.gitbook.io/docker_practice/security/control_group.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.