Oracle® Solaris 11 Security Guidelines

Exit Print View

 
Updated: August 2014
 
 

How to Limit the Size of the tmpfs File System

The size of the tmpfs file system is not limited by default. Therefore, tmpfs can grow to fill the available system memory and swap. Because the /tmp directory is used by all applications and users, an application can fill all available system memory. Similarly, an unprivileged user with malicious intent could cause a system slowdown by creating large files in the /tmp directory. To avoid a performance impact, you can limit the size of each tmpfs mount.

You might try several values to achieve best system performance.

Before You Begin

To edit the vfstab file, you must become an administrator who is assigned the solaris.admin.edit/etc/vfstab authorization. To reboot the system, you must be assigned the Maintenance and Repair rights profile. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. Determine the amount of memory on your system.
    Note -  The SPARC T3 series system that is used for the following example has a solid state disk (ssd) for faster I/O and has eight 279.40 MB disks. The system has around 500 GB of memory. 
    % prtconf | head
System Configuration:  Oracle Corporation  sun4v
Memory size: 523776 Megabytes
System Peripherals (Software Nodes):

ORCL,SPARC-T3-4
scsi_vhci, instance #0
disk, instance #4
disk, instance #5
disk, instance #6
disk, instance #8
  2. Compute a memory limit for tmpfs.

    Depending on the size of the system memory, you might want to compute a memory limit of around 20 percent for large systems and around 30 percent for smaller systems.

    So, for a smaller system, use .30 as the multiplier.

    10240M x .30 ≈ 340M

    For a larger system, use .20 as the multiplier.

    523776M x .20 ≈ 10475M
  3. Modify the swap entry in the /etc/vfstab file with the size limit. 
    # pfedit /etc/vfstab
#device     device       mount       FS      fsck    mount mount
#to mount   to fsck      point       type    pass    at boot options
#
...
#swap       -            /tmp        tmpfs   -       yes     -
swap        -            /tmp        tmpfs   -       yes     size=10400m
/dev/zvol/dsk/rpool/swap   -      -  swap    -       no      -
  4. Reboot the system. 
    # reboot
  5. Verify that the size limit is in effect. 
    % mount -v
swap on /system/volatile type tmpfs
read/write/setuid/devices/rstchown/xattr/dev=89c0006 on Tues Feb 4 14:07:27 2014
swap on /tmp type tmpfs
read/write/setuid/devices/rstchown/xattr/size=10400m/dev=89c0006 on Tues ...
  6. Monitor the memory usage and adjust it to the requirements of your site.

    The df command is somewhat useful. The swap command provides the most useful statistics.

    % df -h /tmp
Filesystem Size Used Available Capacity Mounted on
swap          7.  4G     44M    7.4G 1%       /tmp

% swap -s
total: 190248k bytes allocated + 30348k reserved = 220596k used,
7743780k available

    For more information, see the tmpfs(7FS), mount_tmpfs(1M), df(1M), and swap(1M) man pages.

Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next