Yeah, zone.max-lwps stops the fork bombs if that's what you are trying to do.

I showed it to a customer today.  I set it arbitrarily high at 15,000, but well below the global default of ~31K.

# zonecfg -z zone1
zonecfg:zone1> add rctl
zonecfg:zone1:rctl> set name=zone.max-lwps
zonecfg:zone1:rctl> add value (priv=privileged,limit=15000,action=""
zonecfg:zone1:rctl> end
zonecfg:zone1> exit
# prctl -s -n zone.max-lwps -v 15000 -t priv -e deny -i zone zone1

The first command makes the setting survive reboot, the 2nd invokes it real time.

Then to test you can do a simple script:    while true ; do ; sleep 600& ; done

Then watch prstat -Z and see the zone get capped at 15,000 processes.

More here:  http://www.opensolaris.org/os/project/rm/zones/

Regards,
Mark

Dan Price wrote:
On Thu 14 Feb 2008 at 03:40PM, Pedro Espinoza wrote:
  
Is there any way to enforce maxuproc at zone level? Or is there any
equivalent functionality at zoneadm/rctl level?
    

Pedro,

I believe that the global maxuprc setting is enforced per-zone.
That is to say, each zone has its own user-process-count table,
but that the global zone's /etc/system setting applies to all.
See for example

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/fork.c

(Around line 970; search the file for the only occurence of
"upcount_get").

It would be nice to be able to tune this per-zone (or to convert
this to a zone-level resource control), but we don't have that at 
present.

Depending on what you are trying to do, setting a resource control
such project.max-lwps may be more appropriate; it certainly gives
you a greater degree of control.

        -dp

  

-- 
Mark Mulligan
Sun Microsystems, Inc.
2398 E. Camelback Road, Suite 950
Phoenix, AZ 85016 US
Mobile 602 625-0846
Email [EMAIL PROTECTED]
http://www.sun.com
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to