Yeah, zone.max-lwps stops the fork bombs if that's what you are trying
to do.
I showed it to a customer today. I set it arbitrarily high at 15,000,
but well below the global default of ~31K.
# zonecfg -z zone1
zonecfg:zone1 add rctl
zonecfg:zone1:rctl set name=zone.max-lwps
zonecfg:zone1:rctl add value (priv=privileged,limit=15000,action=""
zonecfg:zone1:rctl end
zonecfg:zone1 exit
# prctl -s -n zone.max-lwps -v 15000 -t priv -e deny -i zone zone1
The first command makes the setting survive reboot, the 2nd invokes it
real time.
Then to test you can do a simple script: while true ; do ; sleep
600 ; done
Then watch prstat -Z and see the zone get capped at 15,000 processes.
More here: http://www.opensolaris.org/os/project/rm/zones/
Regards,
Mark
Dan Price wrote:
On Thu 14 Feb 2008 at 03:40PM, Pedro Espinoza wrote:
Is there any way to enforce maxuproc at zone level? Or is there any
equivalent functionality at zoneadm/rctl level?
Pedro,
I believe that the global maxuprc setting is enforced per-zone.
That is to say, each zone has its own user-process-count table,
but that the global zone's /etc/system setting applies to all.
See for example
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/fork.c
(Around line 970; search the file for the only occurence of
"upcount_get").
It would be nice to be able to tune this per-zone (or to convert
this to a zone-level resource control), but we don't have that at
present.
Depending on what you are trying to do, setting a resource control
such project.max-lwps may be more appropriate; it certainly gives
you a greater degree of control.
-dp
--
Mark Mulligan
Sun Microsystems, Inc.
2398 E. Camelback Road, Suite 950
Phoenix, AZ 85016 US
Mobile 602 625-0846
Email [EMAIL PROTECTED]
http://www.sun.com
___
zones-discuss mailing list
zones-discuss@opensolaris.org