Mads Toftum wrote:
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system. You want to
be able to get on the global zone and clean up the misbehaving zone
and any other well behaved non-global zones should still be able to
do work.
Given that, having FSS on by default makes sense. Each zone will
have 1 share by default, so thats fine.
I'm not too keen to have it on by default, but if you're going to then 1
share each makes sense. Or perhaps something like 10 shares each making
it simple to sneak in a low priority zone without having to edit all
zones.
Can you explain your concern? What if we fixed FSS so it works when
you are running the windowing system (like IA)?
What if max-lwps defaulted to a fairly large number (5000)? How often
would this be an issue for a well-behaved zone?
Sounds fairly reasonable and as something where people won't often hit
the limit - in fact I'd almost be tempted to go lower and small
configurations.
You could always do that, this would just be a default.
If we implement Dan's idea of a percentage for some of the resource
controls we could have physical memory and swap caps default to something
like
50%-75% of the system total. Again, well-behaved zones shouldn't get close
to this (if they do, the system is probably undersized to begin with) but
we can keep a misbehaving zone in check.
Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.
No, since this is only a cap, not a partitioning of resources, so everything
is still shared.
Thanks,
Jerry
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
