From 3c2328bf3bf6527c6b28445336d32183a277b1e1 Mon Sep 17 00:00:00 2001 From: Jerry Jelinek Date: Thu, 21 Apr 2016 15:27:38 +0000 Subject: 13471 zoneadmd should infer zone.max-processes 13472 Man pages missing the max-processes resource control Portions contributed by: Andy Fiddaman Reviewed by: C Fraire Reviewed by: Toomas Soome Approved by: Robert Mustacchi --- usr/src/cmd/zoneadmd/vplat.c | 26 +++-- usr/src/man/man1/prctl.1 | 22 ++--- usr/src/man/man1m/zonecfg.1m | 42 ++++++--- usr/src/man/man5/resource_controls.5 | 177 ++++++++++++++++++++++------------- 4 files changed, 168 insertions(+), 99 deletions(-) diff --git a/usr/src/cmd/zoneadmd/vplat.c b/usr/src/cmd/zoneadmd/vplat.c index e81fa012cf..21722a13de 100644 --- a/usr/src/cmd/zoneadmd/vplat.c +++ b/usr/src/cmd/zoneadmd/vplat.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2013, Joyent Inc. All rights reserved. + * Copyright 2016, Joyent Inc. * Copyright (c) 2015, 2016 by Delphix. All rights reserved. * Copyright 2019 OmniOS Community Edition (OmniOSce) Association. * Copyright 2020 RackTop Systems Inc. @@ -3343,6 +3343,7 @@ get_rctls(zlog_t *zlogp, char **bufp, size_t *bufsizep) rctlblk_t *rctlblk = NULL; uint64_t maxlwps; uint64_t maxprocs; + int rproc, rlwp; *bufp = NULL; *bufsizep = 0; @@ -3365,19 +3366,28 @@ get_rctls(zlog_t *zlogp, char **bufp, size_t *bufsizep) /* * Allow the administrator to control both the maximum number of - * process table slots and the maximum number of lwps with just the - * max-processes property. If only the max-processes property is set, - * we add a max-lwps property with a limit derived from max-processes. + * process table slots, and the maximum number of lwps, with a single + * max-processes or max-lwps property. If only the max-processes + * property is set, we add a max-lwps property with a limit derived + * from max-processes. If only the max-lwps property is set, we add a + * max-processes property with the same limit as max-lwps. */ - if (zonecfg_get_aliased_rctl(handle, ALIAS_MAXPROCS, &maxprocs) - == Z_OK && - zonecfg_get_aliased_rctl(handle, ALIAS_MAXLWPS, &maxlwps) - == Z_NO_ENTRY) { + rproc = zonecfg_get_aliased_rctl(handle, ALIAS_MAXPROCS, &maxprocs); + rlwp = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLWPS, &maxlwps); + if (rproc == Z_OK && rlwp == Z_NO_ENTRY) { if (zonecfg_set_aliased_rctl(handle, ALIAS_MAXLWPS, maxprocs * LWPS_PER_PROCESS) != Z_OK) { zerror(zlogp, B_FALSE, "unable to set max-lwps alias"); goto out; } + } else if (rlwp == Z_OK && rproc == Z_NO_ENTRY) { + /* no scaling for max-proc value */ + if (zonecfg_set_aliased_rctl(handle, ALIAS_MAXPROCS, + maxlwps) != Z_OK) { + zerror(zlogp, B_FALSE, + "unable to set max-processes alias"); + goto out; + } } if (zonecfg_setrctlent(handle) != Z_OK) { diff --git a/usr/src/man/man1/prctl.1 b/usr/src/man/man1/prctl.1 index 0e117a510b..5a91760ab2 100644 --- a/usr/src/man/man1/prctl.1 +++ b/usr/src/man/man1/prctl.1 @@ -1,14 +1,14 @@ '\" te .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved +.\" Copyright 2021 OmniOS Community Edition (OmniOSce) Association. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PRCTL 1 "April 9, 2016" +.TH PRCTL 1 "Jan 23, 2021" .SH NAME prctl \- get or set the resource controls of running processes, tasks, and projects .SH SYNOPSIS -.LP .nf \fBprctl\fR [\fB-P\fR] [\fB-t\fR [basic | privileged | system]] [\fB-n\fR \fIname\fR [\fB-srx\fR] [\fB-v\fR \fIvalue\fR] [\fB-e\fR | \fB-d\fR \fIaction\fR] [\fB-p\fR \fIpid\fR]] @@ -16,7 +16,6 @@ projects .fi .SH DESCRIPTION -.LP The \fBprctl\fR utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. It allows access to the basic and privileged limits and the current usage on @@ -26,7 +25,6 @@ the specified entity. See \fBresource_controls\fR(5) for a description of the resource controls supported in the current release of the Solaris operating system. .SH OPTIONS -.LP The following options are supported: .sp .ne 2 @@ -236,7 +234,6 @@ If none of the \fB-s\fR, \fB-r\fR, \fB-x\fR, \fB-v\fR, \fB-d\fR, or \fB-e\fR options are specified, the invocation is considered a get operation. Otherwise, it is considered a modify operation. .SH OPERANDS -.LP The following operand is supported: .sp .ne 2 @@ -251,7 +248,6 @@ operation fails. If no \fIid\fR is specified, an error message is returned. .RE .SH EXAMPLES -.LP \fBExample 1 \fRDisplaying Current Resource Control Settings .sp .LP @@ -270,6 +266,9 @@ NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT task.max-cpu-time usage 8s system 18.4Es inf none - +task.max-processes + usage 30 + system 2.15G max deny - task.max-lwps usage 39 system 2.15G max deny - @@ -294,6 +293,9 @@ privileged 508MB - deny - project.max-tasks usage 2 system 2.15G max deny - +project.max-processes + usage 30 + system 2.15G max deny - project.max-lwps usage 39 system 2.15G max deny - @@ -308,6 +310,8 @@ zone.max-sem-ids system 16.8M max deny - zone.max-msg-ids system 16.8M max deny - +zone.max-processes + system 2.15G max deny - zone.max-lwps system 2.15G max deny - zone.cpu-shares @@ -382,7 +386,7 @@ Using the target project, identify the resource limit value before the change: project 10: group.staff project.max-locked-memory privileged 256MB - deny - - system 16.0EB max deny - + system 16.0EB max deny - current limit is 256 Megabytes. .fi @@ -494,7 +498,6 @@ The cap can be lowered to 50% using: .sp .SH EXIT STATUS -.LP The following exit values are returned: .sp .ne 2 @@ -533,7 +536,6 @@ Process information and control files .RE .SH ATTRIBUTES -.LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -552,12 +554,10 @@ Interface Stability See below. The command-line syntax is Committed. The human-readable output is Uncommitted. The parsable output is Committed. .SH SEE ALSO -.LP \fBrctladm\fR(1M), \fBzonecfg\fR(1M), \fBsetrctl\fR(2), \fBrctlblk_get_local_action\fR(3C), \fBproject\fR(4), \fBattributes\fR(5), \fBresource_controls\fR(5) .SH NOTES -.LP The valid signals that can be set on a resource control block allowing local actions are \fBSIGABRT\fR, \fBSIGXRES\fR, \fBSIGHUP\fR, \fBSIGSTOP\fR, \fBSIGTERM\fR, and \fBSIGKILL\fR. Additionally, CPU time related controls can diff --git a/usr/src/man/man1m/zonecfg.1m b/usr/src/man/man1m/zonecfg.1m index 32285e1fc3..08d309b4de 100644 --- a/usr/src/man/man1m/zonecfg.1m +++ b/usr/src/man/man1m/zonecfg.1m @@ -2,14 +2,14 @@ .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved. .\" Copyright 2013 Joyent, Inc. All Rights Reserved. .\" Copyright 2017 Peter Tribble +.\" Copyright 2021 OmniOS Community Edition (OmniOSce) Association. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ZONECFG 1M "Jul 24, 2017" +.TH ZONECFG 1M "Jan 23, 2021" .SH NAME zonecfg \- set up zone configuration .SH SYNOPSIS -.LP .nf \fBzonecfg\fR \fB-z\fR \fIzonename\fR .fi @@ -30,7 +30,6 @@ zonecfg \- set up zone configuration .fi .SH DESCRIPTION -.LP The \fBzonecfg\fR utility creates and modifies the configuration of a zone. Zone configuration consists of a number of resources and properties. .sp @@ -72,7 +71,6 @@ the \fBzonecfg\fR properties and resources. See the brand-specific man page for more details on each brand. For an overview of brands, see the \fBbrands\fR(5) man page. .SS "Resources" -.LP The following resource types are supported: .sp .ne 2 @@ -185,7 +183,6 @@ Delegation of administration to specific users. .RE .SS "Properties" -.LP Each resource type has one or more properties. There are also some global properties, that is, properties of the configuration as a whole, rather than of some particular resource. @@ -302,6 +299,16 @@ The following properties are supported: \fBmax-msg-ids\fR .RE +.sp +.ne 2 +.na +\fB(global)\fR +.ad +.sp .6 +.RS 4n +\fBmax-processes\fR +.RE + .sp .ne 2 .na @@ -767,6 +774,8 @@ is the preferred way to set the \fBzone.cpu-shares\fR rctl. .RS 4n The maximum number of LWPs simultaneously available to this zone. This property is the preferred way to set the \fBzone.max-lwps\fR rctl. +If \fBmax-processes\fR is not explicitly set then it will be set to the +same value as \fBmax-lwps\fR. .RE .sp @@ -780,6 +789,20 @@ The maximum number of message queue IDs allowed for this zone. This property is the preferred way to set the \fBzone.max-msg-ids\fR rctl. .RE +.sp +.ne 2 +.na +\fBglobal: \fBmax-processes\fR\fR +.ad +.sp .6 +.RS 4n +The maximum number of processes simultaneously available to this zone. This +property is the preferred way to set the \fBzone.max-processes\fR rctl. +If \fBmax-lwps\fR is not explicitly set, then setting this property will +automatically set \fBmax-lwps\fR to 10 times the value of +\fBmax-processes\fR. +.RE + .sp .ne 2 .na @@ -975,6 +998,7 @@ resource property-name type (global) cpu-shares simple (global) max-lwps simple (global) max-msg-ids simple +(global) max-processes simple (global) max-sem-ids simple (global) max-shm-ids simple (global) max-shm-memory simple @@ -1022,7 +1046,6 @@ contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot use by the system. Finally, the "autoboot" global property must have a value of "true" or "false". .SS "Using Kernel Statistics to Monitor CPU Caps" -.LP Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system maintains information for all capped projects and zones. You can access this information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying @@ -1174,7 +1197,6 @@ Name of the zone for which statistics are displayed. .LP See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command. .SH OPTIONS -.LP The following options are supported: .sp .ne 2 @@ -1202,7 +1224,6 @@ cannot be used. .RE .SH SUBCOMMANDS -.LP You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific resource, at which point the scope changes to that resource. The \fBend\fR and \fBcancel\fR subcommands are used to complete the resource specification, at @@ -1481,7 +1502,6 @@ option can be used to force the action. .RE .SH EXAMPLES -.LP \fBExample 1 \fRCreating the Environment for a New Zone .sp .LP @@ -1881,7 +1901,6 @@ for a specific project, the second for the same project within zone 1. .sp .SH EXIT STATUS -.LP The following exit values are returned: .sp .ne 2 @@ -1914,7 +1933,6 @@ Invalid usage. .RE .SH ATTRIBUTES -.LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -1929,7 +1947,6 @@ Interface Stability Volatile .TE .SH SEE ALSO -.LP \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M), \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M), \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBipadm\fR(1M), @@ -1942,5 +1959,4 @@ Interface Stability Volatile \fISystem Administration Guide: Solaris Containers-Resource Management, and Solaris Zones\fR .SH NOTES -.LP All character data used by \fBzonecfg\fR must be in US-ASCII encoding. diff --git a/usr/src/man/man5/resource_controls.5 b/usr/src/man/man5/resource_controls.5 index fe22484bcc..149158a02a 100644 --- a/usr/src/man/man5/resource_controls.5 +++ b/usr/src/man/man5/resource_controls.5 @@ -1,13 +1,13 @@ '\" te .\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved. +.\" Copyright 2021 OmniOS Community Edition (OmniOSce) Association. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RESOURCE_CONTROLS 5 "April 9, 2016" +.TH RESOURCE_CONTROLS 5 "Jan 23, 2021" .SH NAME resource_controls \- resource controls available through project database .SH DESCRIPTION -.LP The resource controls facility is configured through the project database. See \fBproject\fR(4). You can set and modify resource controls through the following utilities: @@ -50,7 +50,7 @@ The following are the resource controls are available: .sp .ne 2 .na -\fB\fBprocess.max-address-space\fR\fR +\fBprocess.max-address-space\fR .ad .sp .6 .RS 4n @@ -61,7 +61,7 @@ available to this process, expressed as a number of bytes. .sp .ne 2 .na -\fB\fBprocess.max-core-size\fR\fR +\fBprocess.max-core-size\fR .ad .sp .6 .RS 4n @@ -72,7 +72,7 @@ bytes. .sp .ne 2 .na -\fB\fBprocess.max-cpu-time\fR\fR +\fBprocess.max-cpu-time\fR .ad .sp .6 .RS 4n @@ -83,7 +83,7 @@ seconds. .sp .ne 2 .na -\fB\fBprocess.max-data-size\fR\fR +\fBprocess.max-data-size\fR .ad .sp .6 .RS 4n @@ -93,7 +93,7 @@ Maximum heap memory available to this process, expressed as a number of bytes. .sp .ne 2 .na -\fB\fBprocess.max-file-descriptor\fR\fR +\fBprocess.max-file-descriptor\fR .ad .sp .6 .RS 4n @@ -104,7 +104,7 @@ integer. .sp .ne 2 .na -\fB\fBprocess.max-file-size\fR\fR +\fBprocess.max-file-size\fR .ad .sp .6 .RS 4n @@ -115,7 +115,22 @@ number of bytes. .sp .ne 2 .na -\fB\fBprocess.max-msg-messages\fR\fR +\fBprocess.max-locked-memory\fR +.ad +.sp .6 +.RS 4n +Total amount of physical memory that can be locked by this process, expressed +as a number of bytes. This limit is not enforced for a process with the +\fBPRIV_PROC_LOCK_MEMORY\fR privilege. Because the ability to lock memory +is controlled by the \fBPRIV_PROC_LOCK_MEMORY\fR privilege within native +zones, this resource control is only useful within branded zones which might +support a different policy for locking memory. +.RE + +.sp +.ne 2 +.na +\fBprocess.max-msg-messages\fR .ad .sp .6 .RS 4n @@ -126,7 +141,7 @@ control at \fBmsgget()\fR time), expressed as an integer. .sp .ne 2 .na -\fB\fBprocess.max-msg-qbytes\fR\fR +\fBprocess.max-msg-qbytes\fR .ad .sp .6 .RS 4n @@ -137,7 +152,7 @@ resource control at \fBmsgget()\fR time), expressed as a number of bytes. .sp .ne 2 .na -\fB\fBprocess.max-port-events\fR\fR +\fBprocess.max-port-events\fR .ad .sp .6 .RS 4n @@ -147,7 +162,7 @@ Maximum allowable number of events per event port, expressed as an integer. .sp .ne 2 .na -\fB\fBprocess.max-sem-nsems\fR\fR +\fBprocess.max-sem-nsems\fR .ad .sp .6 .RS 4n @@ -158,7 +173,7 @@ integer. .sp .ne 2 .na -\fB\fBprocess.max-sem-ops\fR\fR +\fBprocess.max-sem-ops\fR .ad .sp .6 .RS 4n @@ -170,7 +185,7 @@ integer, specifying the number of operations. .sp .ne 2 .na -\fB\fBprocess.max-sigqueue-size\fR\fR +\fBprocess.max-sigqueue-size\fR .ad .sp .6 .RS 4n @@ -180,7 +195,7 @@ Maximum number of outstanding queued signals. .sp .ne 2 .na -\fB\fBprocess.max-stack-size\fR\fR +\fBprocess.max-stack-size\fR .ad .sp .6 .RS 4n @@ -191,7 +206,7 @@ of bytes. .sp .ne 2 .na -\fB\fBproject.cpu-cap\fR\fR +\fBproject.cpu-cap\fR .ad .sp .6 .RS 4n @@ -205,7 +220,7 @@ action. .sp .ne 2 .na -\fB\fBproject.cpu-shares\fR\fR +\fBproject.cpu-shares\fR .ad .sp .6 .RS 4n @@ -217,7 +232,7 @@ resource control does not support the \fBsyslog\fR action. .sp .ne 2 .na -\fB\fBproject.max-contracts\fR\fR +\fBproject.max-contracts\fR .ad .sp .6 .RS 4n @@ -227,7 +242,7 @@ Maximum number of contracts allowed in a project, expressed as an integer. .sp .ne 2 .na -\fB\fBproject.max-crypto-memory\fR\fR +\fBproject.max-crypto-memory\fR .ad .sp .6 .RS 4n @@ -239,7 +254,7 @@ charged against this resource control. .sp .ne 2 .na -\fB\fBproject.max-locked-memory\fR\fR +\fBproject.max-locked-memory\fR .ad .sp .6 .RS 4n @@ -250,7 +265,7 @@ Total amount of physical memory locked by device drivers and user processes .sp .ne 2 .na -\fB\fBproject.max-lwps\fR\fR +\fBproject.max-lwps\fR .ad .sp .6 .RS 4n @@ -261,7 +276,7 @@ integer. .sp .ne 2 .na -\fB\fBproject.max-msg-ids\fR\fR +\fBproject.max-msg-ids\fR .ad .sp .6 .RS 4n @@ -272,7 +287,18 @@ integer. .sp .ne 2 .na -\fB\fBproject.max-port-ids\fR\fR +\fBproject.max-processes\fR +.ad +.sp .6 +.RS 4n +Maximum number of processes simultaneously available to a project, expressed as +an integer. +.RE + +.sp +.ne 2 +.na +\fBproject.max-port-ids\fR .ad .sp .6 .RS 4n @@ -282,7 +308,7 @@ Maximum allowable number of event ports, expressed as an integer. .sp .ne 2 .na -\fB\fBproject.max-sem-ids\fR\fR +\fBproject.max-sem-ids\fR .ad .sp .6 .RS 4n @@ -292,7 +318,7 @@ Maximum number of semaphore IDs allowed for a project, expressed as an integer. .sp .ne 2 .na -\fB\fBproject.max-shm-ids\fR\fR +\fBproject.max-shm-ids\fR .ad .sp .6 .RS 4n @@ -303,7 +329,7 @@ integer. .sp .ne 2 .na -\fB\fBproject.max-shm-memory\fR\fR +\fBproject.max-shm-memory\fR .ad .sp .6 .RS 4n @@ -314,7 +340,7 @@ bytes. .sp .ne 2 .na -\fB\fBproject.max-tasks\fR\fR +\fBproject.max-tasks\fR .ad .sp .6 .RS 4n @@ -324,7 +350,7 @@ Maximum number of tasks allowable in a project, expressed as an integer. .sp .ne 2 .na -\fB\fBproject.pool\fR\fR +\fBproject.pool\fR .ad .sp .6 .RS 4n @@ -334,7 +360,7 @@ Binds a specified resource pool with a project. .sp .ne 2 .na -\fB\fBrcap.max-rss\fR\fR +\fBrcap.max-rss\fR .ad .sp .6 .RS 4n @@ -345,7 +371,7 @@ in a project. .sp .ne 2 .na -\fB\fBtask.max-cpu-time\fR\fR +\fBtask.max-cpu-time\fR .ad .sp .6 .RS 4n @@ -356,7 +382,7 @@ number of seconds. .sp .ne 2 .na -\fB\fBtask.max-lwps\fR\fR +\fBtask.max-lwps\fR .ad .sp .6 .RS 4n @@ -364,13 +390,24 @@ Maximum number of LWPs simultaneously available to this task's processes, expressed as an integer. .RE +.sp +.ne 2 +.na +\fBtask.max-processes\fR +.ad +.sp .6 +.RS 4n +Maximum number of processes simultaneously available to this task, +expressed as an integer. +.RE + .sp .LP The following zone-wide resource controls are available: .sp .ne 2 .na -\fB\fBzone.cpu-cap\fR\fR +\fBzone.cpu-cap\fR .ad .sp .6 .RS 4n @@ -384,7 +421,7 @@ not support the \fBsyslog\fR action. .sp .ne 2 .na -\fB\fBzone.cpu-shares\fR\fR +\fBzone.cpu-shares\fR .ad .sp .6 .RS 4n @@ -398,7 +435,7 @@ Expressed as an integer. This resource control does not support the .sp .ne 2 .na -\fB\fBzone.max-locked-memory\fR\fR +\fBzone.max-locked-memory\fR .ad .sp .6 .RS 4n @@ -408,20 +445,20 @@ Total amount of physical locked memory available to a zone. .sp .ne 2 .na -\fB\fBzone.max-lwps\fR\fR +\fBzone.max-lwps\fR .ad .sp .6 .RS 4n Enhances resource isolation by preventing too many LWPs in one zone from affecting other zones. A zone's total LWPs can be further subdivided among -projects within the zone within the zone by using \fBproject.max-lwps\fR -entries. Expressed as an integer. +projects within the zone by using \fBproject.max-lwps\fR entries. Expressed as +an integer. .RE .sp .ne 2 .na -\fB\fBzone.max-msg-ids\fR\fR +\fBzone.max-msg-ids\fR .ad .sp .6 .RS 4n @@ -432,7 +469,20 @@ integer. .sp .ne 2 .na -\fB\fBzone.max-sem-ids\fR\fR +\fBzone.max-processes\fR +.ad +.sp .6 +.RS 4n +Enhances resource isolation by preventing too many processes in one zone from +affecting other zones. A zone's total processes can be further subdivided among +projects within the zone by using \fBproject.max-processes\fR entries. +Expressed as an integer. +.RE + +.sp +.ne 2 +.na +\fBzone.max-sem-ids\fR .ad .sp .6 .RS 4n @@ -442,7 +492,7 @@ Maximum number of semaphore IDs allowed for a zone, expressed as an integer. .sp .ne 2 .na -\fB\fBzone.max-shm-ids\fR\fR +\fBzone.max-shm-ids\fR .ad .sp .6 .RS 4n @@ -453,7 +503,7 @@ integer. .sp .ne 2 .na -\fB\fBzone.max-shm-memory\fR\fR +\fBzone.max-shm-memory\fR .ad .sp .6 .RS 4n @@ -464,7 +514,7 @@ bytes. .sp .ne 2 .na -\fB\fBzone.max-swap\fR\fR +\fBzone.max-swap\fR .ad .sp .6 .RS 4n @@ -476,7 +526,6 @@ mappings and \fBtmpfs\fR mounts for this zone. .LP See \fBzones\fR(5). .SS "Units Used in Resource Controls" -.LP Resource controls can be expressed as in units of size (bytes), time (seconds), or as a count (integer). These units use the strings specified below. .sp @@ -561,7 +610,6 @@ Note that unit modifiers (for example, \fB5G\fR) are accepted by the \fBprctl\fR(1), \fBprojadd\fR(1M), and \fBprojmod\fR(1M) commands. You cannot use unit modifiers in the project database itself. .SS "Resource Control Values and Privilege Levels" -.LP A threshold value on a resource control constitutes a point at which local actions can be triggered or global actions, such as logging, can occur. .sp @@ -571,7 +619,7 @@ level. The privilege level must be one of the following three types: .sp .ne 2 .na -\fB\fBbasic\fR\fR +\fBbasic\fR .ad .sp .6 .RS 4n @@ -581,7 +629,7 @@ Can be modified by the owner of the calling process. .sp .ne 2 .na -\fB\fBprivileged\fR\fR +\fBprivileged\fR .ad .sp .6 .RS 4n @@ -592,7 +640,7 @@ or by \fBprctl\fR(1) (requiring \fBproc_owner\fR privilege). .sp .ne 2 .na -\fB\fBsystem\fR\fR +\fBsystem\fR .ad .sp .6 .RS 4n @@ -629,7 +677,6 @@ task.max-lwps=(priv,1K,deny) .in -2 .SS "Global and Local Actions on Resource Control Values" -.LP There are two categories of actions on resource control values: global and local. .sp @@ -715,7 +762,7 @@ follows: .sp .ne 2 .na -\fB\fBnone\fR\fR +\fBnone\fR .ad .sp .6 .RS 4n @@ -729,7 +776,7 @@ the process exceeding the threshold is not affected. .sp .ne 2 .na -\fB\fBdeny\fR\fR +\fBdeny\fR .ad .sp .6 .RS 4n @@ -742,7 +789,7 @@ control value. See the \fBfork\fR(2). .sp .ne 2 .na -\fB\fBsignal=\fR\fR +\fBsignal=\fR .ad .sp .6 .RS 4n @@ -771,7 +818,7 @@ The following are the signals available to resource control values: .sp .ne 2 .na -\fB\fBSIGABRT\fR\fR +\fBSIGABRT\fR .ad .sp .6 .RS 4n @@ -781,7 +828,7 @@ Terminate the process. .sp .ne 2 .na -\fB\fBSIGHUP\fR\fR +\fBSIGHUP\fR .ad .sp .6 .RS 4n @@ -792,7 +839,7 @@ the process group that controls the terminal. .sp .ne 2 .na -\fB\fBSIGTERM\fR\fR +\fBSIGTERM\fR .ad .sp .6 .RS 4n @@ -802,7 +849,7 @@ Terminate the process. Termination signal sent by software. .sp .ne 2 .na -\fB\fBSIGKILL\fR\fR +\fBSIGKILL\fR .ad .sp .6 .RS 4n @@ -812,7 +859,7 @@ Terminate the process and kill the program. .sp .ne 2 .na -\fB\fBSIGSTOP\fR\fR +\fBSIGSTOP\fR .ad .sp .6 .RS 4n @@ -822,7 +869,7 @@ Stop the process. Job control signal. .sp .ne 2 .na -\fB\fBSIGXRES\fR\fR +\fBSIGXRES\fR .ad .sp .6 .RS 4n @@ -832,7 +879,7 @@ Resource control limit exceeded. Generated by resource control facility. .sp .ne 2 .na -\fB\fBSIGXFSZ\fR\fR +\fBSIGXFSZ\fR .ad .sp .6 .RS 4n @@ -844,7 +891,7 @@ controls with the \fBRCTL_GLOBAL_FILE_SIZE\fR property .sp .ne 2 .na -\fB\fBSIGXCPU\fR\fR +\fBSIGXCPU\fR .ad .sp .6 .RS 4n @@ -854,7 +901,6 @@ controls with the \fBRCTL_GLOBAL_CPUTIME\fR property .RE .SS "Resource Control Flags and Properties" -.LP Each resource control on the system has a certain set of associated properties. This set of properties is defined as a set of flags, which are associated with all controlled instances of that resource. Global flags cannot be modified, but @@ -894,7 +940,7 @@ The global flags indicate the following: .sp .ne 2 .na -\fB\fBlowerable\fR\fR +\fBlowerable\fR .ad .sp .6 .RS 4n @@ -905,7 +951,7 @@ control. .sp .ne 2 .na -\fB\fBno-deny\fR\fR +\fBno-deny\fR .ad .sp .6 .RS 4n @@ -916,7 +962,7 @@ denied. .sp .ne 2 .na -\fB\fBcpu-time\fR\fR +\fBcpu-time\fR .ad .sp .6 .RS 4n @@ -927,7 +973,7 @@ are reached. .sp .ne 2 .na -\fB\fBseconds\fR\fR +\fBseconds\fR .ad .sp .6 .RS 4n @@ -958,7 +1004,6 @@ resource control. An \fBinf\fR value has an infinite quantity. The value is never enforced. Hence, as configured, both threshold quantities represent infinite values that are never exceeded. .SS "Resource Control Enforcement" -.LP More than one resource control can exist on a resource. A resource control can exist at each containment level in the process model. If resource controls are active on the same resource at different container levels, the smallest @@ -966,7 +1011,6 @@ container's control is enforced first. Thus, action is taken on \fBprocess.max-cpu-time\fR before \fBtask.max-cpu-time\fR if both controls are encountered simultaneously. .SH ATTRIBUTES -.LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -981,7 +1025,6 @@ Interface Stability Evolving .TE .SH SEE ALSO -.LP \fBprctl\fR(1), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBprojadd\fR(1M), \fBprojmod\fR(1M), \fBrctladm\fR(1M), \fBsetrctl\fR(2), \fBrctlblk_set_value\fR(3C), \fBlibpool\fR(3LIB), \fBproject\fR(4), -- cgit v1.2.3