On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
> The requirement for the RM defaults should be that a misbehaving
> zone can't effectively bring down the whole system.  You want to
> be able to get on the global zone and clean up the misbehaving zone
> and any other well behaved non-global zones should still be able to
> do work.
> 
> Given that, having FSS on by default makes sense.  Each zone will
> have 1 share by default, so thats fine.
> 
I'm not too keen to have it on by default, but if you're going to then 1
share each makes sense. Or perhaps something like 10 shares each making
it simple to sneak in a low priority zone without having to edit all
zones.

> What if max-lwps defaulted to a fairly large number (5000)?   How often
> would this be an issue for a well-behaved zone?
> 
Sounds fairly reasonable and as something where people won't often hit
the limit - in fact I'd almost be tempted to go lower and small
configurations.

> If we implement Dan's idea of a percentage for some of the resource
> controls we could have physical memory and swap caps default to something 
> like
> 50%-75% of the system total.  Again, well-behaved zones shouldn't get close
> to this (if they do, the system is probably undersized to begin with) but
> we can keep a misbehaving zone in check.
> 
Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.

vh

Mads Toftum
-- 
http://soulfood.dk
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to