On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote: > The requirement for the RM defaults should be that a misbehaving > zone can't effectively bring down the whole system. You want to > be able to get on the global zone and clean up the misbehaving zone > and any other well behaved non-global zones should still be able to > do work. > > Given that, having FSS on by default makes sense. Each zone will > have 1 share by default, so thats fine. > I'm not too keen to have it on by default, but if you're going to then 1 share each makes sense. Or perhaps something like 10 shares each making it simple to sneak in a low priority zone without having to edit all zones.
> What if max-lwps defaulted to a fairly large number (5000)? How often > would this be an issue for a well-behaved zone? > Sounds fairly reasonable and as something where people won't often hit the limit - in fact I'd almost be tempted to go lower and small configurations. > If we implement Dan's idea of a percentage for some of the resource > controls we could have physical memory and swap caps default to something > like > 50%-75% of the system total. Again, well-behaved zones shouldn't get close > to this (if they do, the system is probably undersized to begin with) but > we can keep a misbehaving zone in check. > Wouldn't this lead to a waste of resources on systems with only one non-global zone? It may not be the most common setup, but still makes a lot of sense for a higher level of security. vh Mads Toftum -- http://soulfood.dk _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
