Jeff Victor wrote:
> With all of that, should default values be minima or maxima? The goal I have in mind is default values that will protect a zone from DoS attacks, or the equivalent symptom, caused by bad software.
>
> Although we could assign default values to caps, they would be arbitrary, and would need to be so large that they would often be largely ineffective. On the other hand, they would be easy to achieve. Even *I* could implement them... ;-)

The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system.  You want to
be able to get on the global zone and clean up the misbehaving zone
and any other well behaved non-global zones should still be able to
do work.

Given that, having FSS on by default makes sense.  Each zone will
have 1 share by default, so that's fine.

What if max-lwps defaulted to a fairly large number (5000)?   How often
would this be an issue for a well-behaved zone?

If we implement Dan's idea of a percentage for some of the resource
controls we could have physical memory and swap caps default to something like
50%-75% of the system total.  Again, well-behaved zones shouldn't get close
to this (if they do, the system is probably undersized to begin with) but
we can keep a misbehaving zone in check.

If we had these 4 things we should be pretty solid right out of the box.
Would this be a good start on this problem?
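As an added illustration (not code from this thread or from the zones project), a small POSIX sh script that emits a zonecfg(1M) command file applying the four proposed defaults: FSS with 1 share, max-lwps=5000, and physical/swap caps at a percentage of system memory. It assumes the zonecfg properties scheduling-class, cpu-shares, max-lwps and the capped-memory resource (physical/swap); the function names and the memory total passed in as an argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Generates a zonecfg command file that
# applies the proposed defaults to a zone. Assumes zonecfg supports
# scheduling-class, cpu-shares, max-lwps and capped-memory (physical/swap).
# The system memory total is passed in as MB so the script runs anywhere;
# on the target host it would be taken from prtconf(1M) output.

# pct_of_mb TOTAL_MB PCT: integer PCT percent of a megabyte total.
pct_of_mb() {
    echo $(( $1 * $2 / 100 ))
}

# gen_zone_defaults TOTAL_MB PCT: print zonecfg commands on stdout.
# PCT is the memory/swap cap as a percentage of the system total
# (the thread suggests 50-75). Rejects a non-integer or out-of-range PCT.
gen_zone_defaults() {
    total_mb=$1; pct=$2
    case "$pct" in
        ''|*[!0-9]*) echo "pct must be an integer" >&2; return 1 ;;
    esac
    if [ "$pct" -lt 1 ] || [ "$pct" -gt 100 ]; then
        echo "pct must be between 1 and 100" >&2; return 1
    fi
    cap_mb=$(pct_of_mb "$total_mb" "$pct")
    cat <<EOF
set scheduling-class=FSS
set cpu-shares=1
set max-lwps=5000
add capped-memory
set physical=${cap_mb}m
set swap=${cap_mb}m
end
verify
commit
EOF
}

# Usage on a Solaris host (constructed values: 8 GB system, 50% cap):
#   gen_zone_defaults 8192 50 > myzone.cfg
#   zonecfg -z myzone -f myzone.cfg
```

A well-behaved zone never approaches these caps, while a runaway zone is held to a bounded share of memory, swap and LWPs and the global zone stays responsive enough to clean it up.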

