RESOURCE_CONTROLS man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

RESOURCE_CONTROLS(5)					  RESOURCE_CONTROLS(5)

NAME
       resource_controls  -  resource  controls available through projects and
       zones

DESCRIPTION
       For projects the resource controls facility is configured  through  the
       project	database.   See	 project(4).  For zones, resource controls are
       configured through zonecfg(1M).	You can set and modify	resource  con‐
       trols through the following utilities:

	   o	  prctl(1)

	   o	  projadd(1M)

	   o	  projmod(1M)

	   o	  rctladm(1M)

	   o	  zonecfg(1M)

       In a program, you use setrctl(2) to set resource control values.

       In  addition  to	 the  preceding	 resource controls, there are resource
       pools, accessible through the pooladm(1M) and poolcfg(1M) utilities. In
       a  program, resource pools can be manipulated through the libpool(3LIB)
       library.

       The following are the resource controls are available:

       process.max-address-space

	   Maximum amount of address space, as summed over segment sizes, that
	   is available to this process, expressed as a number of bytes.

       process.max-core-size

	   Maximum size of a core file created by this process, expressed as a
	   number of bytes.

       process.max-cpu-time

	   Maximum CPU time that is available to this process, expressed as  a
	   number of seconds.

       process.max-data-size

	   Maximum  heap memory available to this process, expressed as a num‐
	   ber of bytes.

       process.max-file-descriptor

	   Maximum file descriptor index available to this process,  expressed
	   as an integer.

       process.max-file-size

	   Maximum   file  offset  available  for  writing  by	this  process,
	   expressed as a number of bytes.

       process.max-msg-messages

	   Maximum number of messages on a message queue  (value  copied  from
	   the resource control at msgget() time), expressed as an integer.

       process.max-msg-qbytes

	   Maximum  number  of	bytes  of  messages  on a message queue (value
	   copied from the resource control at msgget() time), expressed as  a
	   number of bytes.

       process.max-port-events

	   Maximum  allowable number of events per event port, expressed as an
	   integer.

       process.max-sem-nsems

	   Maximum number of semaphores allowed per semaphore  set,  expressed
	   as an integer.

       process.max-sem-ops

	   Maximum  number  of	semaphore  operations  allowed	per semop call
	   (value  copied  from	 the  resource	control	 at  semget()	time).
	   Expressed as an integer, specifying the number of operations.

       process.max-sigqueue-size

	   Maximum number of outstanding queued signals.

       process.max-stack-size

	   Maximum  stack  memory segment available to this process, expressed
	   as a number of bytes.

       project.cpu-caps

	   Maximum amount of CPU resources that a project can  use.  The  unit
	   used is the percentage of a single CPU that can be used by all user
	   threads in a project.  Expressed as an integer. The	cap  does  not
	   apply  to  threads  running	in  real-time  scheduling  class. This
	   resource control does not support the syslog action.

       project.cpu-shares

	   Number of CPU shares granted to a project for  use  with  the  fair
	   share scheduler (see FSS(7)). The unit used is the number of shares
	   (an integer). This resource control does  not  support  the	syslog
	   action.

       project.max-contracts

	   Maximum  number  of contracts allowed in a project, expressed as an
	   integer.

       project.max-crypto-memory

	   Maximum amount of kernel memory that can be used for crypto	opera‐
	   tions.   Allocations	 in the kernel for buffers and session-related
	   structures are charged against this resource control.

       project.max-locked-memory

	   Total amount of physical memory locked by device drivers  and  user
	   processes (including D/ISM), expressed as a number of bytes.

       project.max-lwps

	   Maximum  number  of	LWPs  simultaneously  available	 to a project,
	   expressed as an integer.

       project.max-msg-ids

	   Maximum  number  of	message	 queue	IDs  allowed  for  a  project,
	   expressed as an integer.

       project.max-port-ids

	   Maximum allowable number of event ports, expressed as an integer.

       project.max-processes

	   Maximum  number  of processes that can be active in a project. This
	   rctl is similar to project.max-lwps, except that  zombie  processes
	   are included.  This rctl prevents process-slot exhaustion which can
	   occur due to an excessive number of zombies. Expressed as an	 inte‐
	   ger.

       project.max-sem-ids

	   Maximum number of semaphore IDs allowed for a project, expressed as
	   an integer.

       project.max-shm-ids

	   Maximum  number  of	shared	memory	IDs  allowed  for  a  project,
	   expressed as an integer.

       project.max-shm-memory

	   Total amount of shared memory allowed for a project, expressed as a
	   number of bytes.

       project.max-tasks

	   Maximum number of tasks allowable in a  project,  expressed	as  an
	   integer.

       project.pool

	   Binds a specified resource pool with a project.

       rcap.max-rss

	   The total amount of physical memory, in bytes, that is available to
	   processes in a project.

       task.max-cpu-time

	   Maximum CPU time  that  is  available  to  this  task's  processes,
	   expressed as a number of seconds.

       task.max-lwps

	   Maximum number of LWPs simultaneously available to this task's pro‐
	   cesses, expressed as an integer.

       The following zone-wide resource controls are available:

       zone.cpu-baseline

	   Sets a baseline amount of CPU time that a zone can use before it is
	   considered  to  be  bursting.  The unit used is the percentage of a
	   single CPU that is being used by all user threads in	 a  zone.  The
	   value  should  be  less  than  the  zone.cpu-cap  rctl value and is
	   expressed as an integer.  This resource control  does  not  support
	   the syslog action.

       zone.cpu-burst-time

	   Sets	 the  number  of  seconds that a zone can exceed the zone.cpu-
	   baseline rctl value before being cpu-capped down to	the  zone.cpu-
	   baseline.   A  value	 of  0	means  that  zone.cpu-baseline	can be
	   exceeded indefinitely.  This resource control does not support  the
	   syslog action.

       zone.cpu-cap

	   Sets	 a limit on the amount of CPU time that can be used by a zone.
	   The unit used is the percentage of a single CPU that can be used by
	   all	user threads in a zone. Expressed as an integer. When projects
	   within the capped zone have their own caps, the minimum value takes
	   precedence.	This  resource	control	 does  not  support the syslog
	   action.

       zone.cpu-shares

	   Sets a value on the number of fair share scheduler (FSS) CPU shares
	   for	a  zone.  CPU shares are first allocated to the zone, and then
	   further subdivided among projects within the zone as	 specified  in
	   the	project.cpu-shares  entries.   Expressed  as  an integer. This
	   resource control does not support the syslog action.

       zone.max-locked-memory

	   Total amount of physical locked memory available to a zone.

       zone.max-lofi

	   Sets a limit on the number of LOFI(7D) devices that can be  created
	   in  a zone. Expressed as an integer. This resource control does not
	   support the syslog action.

       zone.max-lwps

	   Sets a limit on how many LWPs can be active in  a  zone.  A	zone's
	   total LWPs can be further subdivided among projects within the zone
	   within the zone by using project.max-lwps entries. Expressed as  an
	   integer.

       zone.max-msg-ids

	   Maximum  number  of message queue IDs allowed for a zone, expressed
	   as an integer.

       zone.max-physical-memory

	   Sets a limit on the amount of physical memory  (RSS)	 that  can  be
	   used	 by  a	zone  before resident pages start being forcibly paged
	   out.	 The unit used is  bytes.   Expressed  as  an  integer.	  This
	   resource control does not support the syslog action.

       zone.max-processes

	   Maximum number of processes that can be active in a zone. This rctl
	   is similar to  zone.max-lwps,  except  that	zombie	processes  are
	   included.   This  rctl  prevents  process-slot exhaustion which can
	   occur due to an excessive number of zombies. This rctl can be  fur‐
	   ther	 subdivided  among projects within the zone using project.max-
	   processes. Expressed as an integer.

       zone.max-sem-ids

	   Maximum number of semaphore IDs allowed for a zone, expressed as an
	   integer.

       zone.max-shm-ids

	   Maximum  number  of shared memory IDs allowed for a zone, expressed
	   as an integer.

       zone.max-shm-memory

	   Total amount of shared memory allowed for a zone,  expressed	 as  a
	   number of bytes.

       zone.max-swap

	   Total  amount  of swap that can be consumed by user process address
	   space mappings and tmpfs mounts for this zone.

       zone.zfs-io-priority

	   Sets a value for the zfs(1M) I/O priority for a zone. This is  used
	   as  one of the inputs to determine if a zone's I/O should be throt‐
	   tled.  Expressed as an integer. This resource control does not sup‐
	   port the syslog action.

       See zones(5).

   Units Used in Resource Controls
       Resource	 controls  can	be expressed as in units of size (bytes), time
       (seconds), or as a count (integer). These units use the strings	speci‐
       fied below.

	 Category	      Res Ctrl	    Modifier  Scale
			      Type String
	 -----------	      -----------   --------  -----
	 Size		      bytes	    B	      1
					    KB	      2^10
					    MB	      2^20
					    GB	      2^30
					    TB	      2^40
					    PB	      2^50
					    EB	      2^60

	 Time		      seconds	    s	      1
					    Ks	      10^3
					    Ms	      10^6
					    Gs	      10^9
					    Ts	      10^12
					    Ps	      10^15
					    Es	      10^18

	 Count		      integer	    none      1
					    K	      10^3
					    M	      10^6
					    G	      10^9
					    T	      10^12
					    P	      10^15
					    Es	      10^18

       Scaled values can be used with resource controls. The following example
       shows a scaled threshold value:

	 task.max-lwps=(priv,1K,deny)

       In the project file, the value 1K is expanded to 1000:

	 task.max-lwps=(priv,1000,deny)

       A second example uses a larger scaled value:

	 process.max-file-size=(priv,5G,deny)

       In the project file, the value 5G is expanded to 5368709120:

	 process.max-file-size=(priv,5368709120,deny)

       The preceding examples use the scaling factors specified in  the	 table
       above.

       Note  that  unit	 modifiers  (for  example,  5G)	 are  accepted	by the
       prctl(1), projadd(1M), and projmod(1M) commands. You  cannot  use  unit
       modifiers in the project database itself.

   Resource Control Values and Privilege Levels
       A  threshold  value  on a resource control constitutes a point at which
       local actions can be triggered or global actions, such as logging,  can
       occur.

       Each  threshold	value  on a resource control must be associated with a
       privilege level. The privilege level must be one of the following three
       types:

       basic

	   Can be modified by the owner of the calling process.

       privileged

	   Can	be  modified  by  the  current process (requiring sys_resource
	   privilege) or by prctl(1) (requiring proc_owner privilege).

       system

	   Fixed for the duration of the operating system instance.

       A resource control is guaranteed to have one  system  value,  which  is
       defined	by  the	 system, or resource provider. The system value repre‐
       sents how much of the resource the current implementation of the	 oper‐
       ating system is capable of providing.

       Any  number  of	privileged  values  can be defined, and only one basic
       value is allowed. Operations that are performed	without	 specifying  a
       privilege value are assigned a basic privilege by default.

       The  privilege  level  for  a  resource control value is defined in the
       privilege field of the resource control block as RCTL_BASIC, RCTL_PRIV‐
       ILEGED,	or  RCTL_SYSTEM.  See setrctl(2) for more information. You can
       use the prctl command to modify values that are associated  with	 basic
       and privileged levels.

       In specifying the privilege level of privileged, you can use the abbre‐
       viation priv. For example:

	 task.max-lwps=(priv,1K,deny)

   Global and Local Actions on Resource Control Values
       There are two categories of actions on resource control values:	global
       and local.

       Global actions apply to resource control values for every resource con‐
       trol on the system. You can use rctladm(1M) to  perform	the  following
       actions:

	   o	  Display the global state of active system resource controls.

	   o	  Set global logging actions.

       You  can	 disable  or enable the global logging action on resource con‐
       trols. You can set the syslog action to a specific degree by  assigning
       a  severity level, syslog=level. The possible settings for level are as
       follows:

	   o	  debug

	   o	  info

	   o	  notice

	   o	  warning

	   o	  err

	   o	  crit

	   o	  alert

	   o	  emerg

       By default, there is no global logging of resource control violations.

       Local actions are taken on a process that attempts to exceed  the  con‐
       trol value.  For each threshold value that is placed on a resource con‐
       trol, you can associate one or more actions. There are three  types  of
       local actions: none, deny, and signal=. These three actions are used as
       follows:

       none

	   No action is taken on resource  requests  for  an  amount  that  is
	   greater  than  the  threshold. This action is useful for monitoring
	   resource usage without affecting the progress of applications.  You
	   can	also  enable  a global message that displays when the resource
	   control is exceeded, while, at the same time, the process exceeding
	   the threshhold is not affected.

       deny

	   You	can  deny resource requests for an amount that is greater than
	   the threshold. For example, a task.max-lwps resource	 control  with
	   action  deny causes a fork() system call to fail if the new process
	   would exceed the control value. See the fork(2).

       signal=

	   You can enable a global signal message  action  when	 the  resource
	   control  is	exceeded.  A  signal  is  sent to the process when the
	   threshold value is exceeded.	 Additional signals are	 not  sent  if
	   the	process	 consumes additional resources.	 Available signals are
	   listed below.

       Not all of the actions can be applied to every  resource	 control.  For
       example,	 a  process cannot exceed the number of CPU shares assigned to
       the project of which it is a member. Therefore, a deny  action  is  not
       allowed on the project.cpu-shares resource control.

       Due  to implementation restrictions, the global properties of each con‐
       trol can restrict the range of available actions that can be set on the
       threshold value.	 (See rctladm(1M).) A list of available signal actions
       is presented in the following list. For	additional  information	 about
       signals, see signal(3HEAD).

       The following are the signals available to resource control values:

       SIGABRT

	   Terminate the process.

       SIGHUP

	   Send	 a  hangup  signal. Occurs when carrier drops on an open line.
	   Signal sent to the process group that controls the terminal.

       SIGTERM

	   Terminate the process. Termination signal sent by software.

       SIGKILL

	   Terminate the process and kill the program.

       SIGSTOP

	   Stop the process. Job control signal.

       SIGXRES

	   Resource control limit  exceeded.  Generated	 by  resource  control
	   facility.

       SIGXFSZ

	   Terminate  the process. File size limit exceeded. Available only to
	   resource   controls	 with	the   RCTL_GLOBAL_FILE_SIZE   property
	   (process.max-file-size). See rctlblk_set_value(3C).

       SIGXCPU

	   Terminate  the  process. CPU time limit exceeded. Available only to
	   resource   controls	 with	the    RCTL_GLOBAL_CPUTIME    property
	   (process.max-cpu-time). See rctlblk_set_value(3C).

   Resource Control Flags and Properties
       Each  resource  control	on  the system has a certain set of associated
       properties.  This set of properties is defined as a set of flags, which
       are  associated	with all controlled instances of that resource. Global
       flags cannot be modified, but the  flags	 can  be  retrieved  by	 using
       either rctladm(1M) or the setrctl(2) system call.

       Local  flags  define  the default behavior and configuration for a spe‐
       cific threshold value of that resource control on a specific process or
       process	collective.  The  local	 flags	for one threshold value do not
       affect the behavior of other defined  threshold	values	for  the  same
       resource	 control.  However,  the  global flags affect the behavior for
       every value associated with a particular control. Local	flags  can  be
       modified, within the constraints supplied by their corresponding global
       flags, by the prctl command or the setrctl system call. See setrctl(2).

       For the complete list of local flags, global flags, and	their  defini‐
       tions, see rctlblk_set_value(3C).

       To  determine  system  behavior when a threshold value for a particular
       resource control is reached, use rctladm to display  the	 global	 flags
       for  the	 resource  control  .  For  example, to display the values for
       process.max-cpu-time, enter:

	 $ rctladm process.max-cpu-time
	 process.max-cpu-time  syslog=off [ lowerable no-deny cpu-time inf seconds ]

       The global flags indicate the following:

       lowerable

	   Superuser privileges are not required to lower the privileged  val‐
	   ues for this control.

       no-deny

	   Even	 when threshold values are exceeded, access to the resource is
	   never denied.

       cpu-time

	   SIGXCPU is available to be  sent  when  threshold  values  of  this
	   resource are reached.

       seconds

	   The time value for the resource control.

       Use  the	 prctl	command	 to  display  local values and actions for the
       resource control. For example:

	 $ prctl -n process.max-cpu-time $$
	     process 353939: -ksh
	     NAME    PRIVILEGE	  VALUE	   FLAG	  ACTION	      RECIPIENT
	  process.max-cpu-time
		  privileged   18.4Es	 inf   signal=XCPU		   -
		  system       18.4Es	 inf   none

       The max (RCTL_LOCAL_MAXIMAL) flag is set for both threshold values, and
       the  inf	 (RCTL_GLOBAL_INFINITE) flag is defined for this resource con‐
       trol. An inf value  has	an  infinite  quantity.	 The  value  is	 never
       enforced.  Hence,  as  configured,  both threshold quantities represent
       infinite values that are never exceeded.

   Resource Control Enforcement
       More than one resource control can exist on a resource. A resource con‐
       trol  can  exist	 at  each  containment	level in the process model. If
       resource controls are active on the same	 resource  at  different  con‐
       tainer  levels,	the  smallest  container's  control is enforced first.
       Thus, action is taken on process.max-cpu-time before  task.max-cpu-time
       if both controls are encountered simultaneously.

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       ┌────────────────────┬─────────────────┐
       │  ATTRIBUTE TYPE    │ ATTRIBUTE VALUE │
       ├────────────────────┼─────────────────┤
       │Interface Stability │ Evolving	      │
       └────────────────────┴─────────────────┘

SEE ALSO
       prctl(1),  pooladm(1M),	poolcfg(1M),  projadd(1M),  projmod(1M),  rct‐
       ladm(1M), setrctl(2), rctlblk_set_value(3C), libpool(3LIB), project(4),
       attributes(5), FSS(7)

       System  Administration Guide:  Virtualization Using the Solaris Operat‐
       ing System

				 Jul 19, 2013		  RESOURCE_CONTROLS(5)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net