Yeah, zone.max-lwps stops the fork bombs if that's what you are trying to do.

I showed it to a customer today.  I set it arbitrarily high at 15,000, but well below the global default of ~31K.

# zonecfg -z zone1
zonecfg:zone1> add rctl
zonecfg:zone1:rctl> set name=zone.max-lwps
zonecfg:zone1:rctl> add value (priv=privileged,limit=15000,action=""
zonecfg:zone1:rctl> end
zonecfg:zone1> exit
# prctl -s -n zone.max-lwps -v 15000 -t priv -e deny -i zone zone1

The first command makes the setting survive reboot, the 2nd invokes it real time.

Then to test you can do a simple script:    while true ; do ; sleep 600& ; done

Then watch prstat -Z and see the zone get capped at 15,000 processes.

More here:


Dan Price wrote:
On Thu 14 Feb 2008 at 03:40PM, Pedro Espinoza wrote:
Is there any way to enforce maxuproc at zone level? Or is there any
equivalent functionality at zoneadm/rctl level?


I believe that the global maxuprc setting is enforced per-zone.
That is to say, each zone has its own user-process-count table,
but that the global zone's /etc/system setting applies to all.
See for example

(Around line 970; search the file for the only occurence of

It would be nice to be able to tune this per-zone (or to convert
this to a zone-level resource control), but we don't have that at 

Depending on what you are trying to do, setting a resource control
such project.max-lwps may be more appropriate; it certainly gives
you a greater degree of control.



Mark Mulligan
Sun Microsystems, Inc.
2398 E. Camelback Road, Suite 950
Phoenix, AZ 85016 US
Mobile 602 625-0846
zones-discuss mailing list

Reply via email to