Resource Control Sets Associated With a Zone, Project, Processes, and Tasks
The following figure shows the resource control sets associated with zones, tasks, processes and a project.
Figure 5-1 Resource Control Sets for Zone, Task, Project, and Process
More than one resource control can exist on a resource, each resource control at a containment level in the process model. Resource controls can be active on the same resource for both a process and collective task or collective project. In this case, the action for the process takes precedence. For example, action is taken on process.max-cpu-time before task.max-cpu-time if both controls are encountered simultaneously.
Resource Controls Associated With a Project
Resource controls associated with a project include the following:
- project.cpu-cap
Absolute limit on the amount of CPU resources that can be consumed by a project. A value of 100 means 100 percent of one CPU as the project.cpu-cap setting. A value of 125 is 125 percent, because 100 percent corresponds to one full CPU on the system when using CPU caps.
- project.cpu-shares
The number of CPU shares that are granted to this project for use with the fair share scheduler, FSS(7).
- project.max-crypto-memory
Total amount of kernel memory that can be used by libpkcs11 for hardware crypto acceleration. Allocations for kernel buffers and session-related structures are charged against this resource control.
- project.max-locked-memory
Total amount of physical locked memory allowed.
Note that this resource control replaced project.max-device-locked-memory, which has been removed.
- project.max-msg-ids
Maximum number of System V message queues allowed for a project.
- project.max-port-ids
Maximum allowable number of event ports.
- project.max-processes
Maximum number of process table slots simultaneously available to this project.
Note - Both normal processes and zombie processes take up process table slots. The max-processes resource control thus protects against zombie processes exhausting the process table. Note that max-lwps cannot protect against zombie processes exhausting the process table since zombie processes do not have any LWPs by definition.- project.max-sem-ids
Maximum number of semaphore IDs allowed for a project.
- project.max-shm-ids
Maximum number of shared memory IDs allowed for this project.
- project.max-msg-ids
Maximum number of message queue IDs allowed for this project.
- project.max-shm-memory
Total amount of System V shared memory allowed for this project.
- project.max-lwps
Maximum number of LWPs simultaneously available to this project.
- project.max-tasks
Maximum number of tasks allowable in this project.
- project.max-contracts
Maximum number of contracts allowed in this project.
Resource Controls Associated With Tasks
Resource controls associated with tasks include the following:
- task.max-cpu-time
Maximum CPU time (seconds) available to this task's processes.
- task.max-lwps
Maximum number of LWPs simultaneously available to this task's processes.
- task.max-processes
Maximum number of process table slots simultaneously available to this task's processes.
Note - Both normal processes and zombie processes take up process table slots. The max-processes resource control thus protects against zombie processes exhausting the process table. Note that max-lwps cannot protect against zombie processes exhausting the process table since zombie processes do not have any LWPs by definition.
Resource Controls Associated With Processes
Resource controls associated with processes include the following:
- process.max-address-space
Maximum amount of address space (bytes), as summed over segment sizes, available to this process.
- process.max-core-size
Maximum size (bytes) of a core file that is created by this process.
- process.max-cpu-time
Maximum CPU time (seconds) available to this process.
- process.max-file-descriptor
Maximum file descriptor index that is available to this process.
- process.max-file-size
Maximum file offset (bytes) available for writing by this process.
- process.max-msg-messages
Maximum number of messages on a message queue. This value is copied from the resource control at msgget() time.
- process.max-msg-qbytes
Maximum number (bytes) of messages on a message queue. This value is copied from the resource control at msgget() time. When you set a new project.max-msg-qbytes value, initialization occurs only on the subsequently created values. The new project.max-msg-qbytes value does not effect existing values.
- process.max-sem-nsems
Maximum number of semaphores allowed for a semaphore set.
- process.max-sem-ops
Maximum number of semaphore operations that are allowed for a semop() call. This value is copied from the resource control at msgget() time.A new project.max-sem-ops value only affects the initialization of subsequently created values and has no effect on existing values.
- process.max-port-events
Maximum number of events that are allowed per event port.
Zone-Wide Resource Controls
Zone-wide resource controls are available on a system with zones installed. Zone-wide resource controls limit the total resource usage of all process entities within a zone.
- zone.cpu-cap
Absolute limit on the amount of CPU resources that can be consumed by a non-global zone. A value of 100 means 100 percent of one CPU as the project.cpu-cap setting. A value of 125 is 125 percent, because 100 percent corresponds to one full CPU on the system when using CPU caps.
- zone.cpu-shares
Limit on the number of fair share scheduler (FSS) CPU shares for a zone. The scheduling class must be FSS. CPU shares are first allocated to the zone, and then further subdivided among projects within the zone as specified in the project.cpu-shares entries. A zone with a higher number of zone.cpu-shares is allowed to use more CPU than a zone with a low number of shares.
- zone.max-locked-memory
Total amount of physical locked memory available to a zone.
- zone.max-lofi
Maximum number of lofi devices that can be created by a zone.
- zone.max-lwps
Maximum number of LWPs simultaneously available to this zone
- zone.max-msg-ids
Maximum number of message queue IDs allowed for this zone
- zone.max-processes
Maximum number of process table slots simultaneously available to this zone
Note - The zone.max-processes resource control enhances resource isolation by preventing a zone from using too many process table slots and thus affecting other zones. The allocation of the process table slots resource across projects within the zone can be controlled by using the project.max-processes resource control. The global property name for this control is max-processes. The zone.max-processes resource control can also encompass the zone.max-lwps resource control. If zone.max-processes is set and zone.max-lwps is not set, then zone.max-lwps is implicitly set to 10 times the zone.max-processes when the zone is booted.Both normal processes and zombie processes take up process table slots. The max-processes resource control thus protects against zombie processes exhausting the process table. Note that max-lwps cannot protect against zombie processes exhausting the process table since zombie processes do not have any LWPs by definition.
- zone.max-sem-ids
Maximum number of semaphore IDs allowed for this zone
- zone.max-shm-ids
Maximum number of shared memory IDs allowed for this zone
- zone.max-shm-memory
Total amount of shared memory allowed for this zone
- zone.max-swap
Total amount of swap that can be consumed by user process address space mappings and tmpfs mounts for this zone.
For more information, see Zone-Wide Resource Controls in Administering Resource Management in Oracle Solaris 11.2 .
For information on configuring zone-wide resource controls, see Chapter 2, Non-Global Zone Configuration Overview, in Introduction to Oracle Solaris Zones and Chapter 1, How to Plan and Configure Non-Global Zones, in Creating and Using Oracle Solaris Zones .
Note that it is possible to use the zonecfg command to apply a zone-wide resource control to the global zone on a system with non-global zones installed. Also note that the setctrl command will only succeed when called as a privileged user in the global zone. Inside a non-global zone, root cannot set zone-wide resource controls.