System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Setting Resource Controls

ProcedureHow to Set the Maximum Number of LWPs for Each Task in a Project

This procedure adds a project named x-files to the /etc/project file and sets a maximum number of LWPs for a task created in the project.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Use the projadd command with the -K option to create a project called x-files. Set the maximum number of LWPs for each task created in the project to 3.


    # projadd -K 'task.max-lwps=(privileged,3,deny)' x-files
    
  3. View the entry in the /etc/project file by using one of the following methods:

    • Type:


      # projects -l
      system
              projid : 0
              comment: ""
              users  : (none)
              groups : (none)
              attribs: 
      .
      .
      .
      x-files
              projid : 100
              comment: ""
              users  : (none)
              groups : (none)
              attribs: task.max-lwps=(privileged,3,deny)
    • Type:


      # cat /etc/project
      system:0:System:::
      .
      .
      .
      x-files:100::::task.max-lwps=(privileged,3,deny)

Example 7–1 Sample Session

After implementing the steps in this procedure, when superuser creates a new task in project x-files by joining the project with newtask, superuser will not be able to create more than three LWPs while running in this task. This is shown in the following annotated sample session.


# newtask -p x-files csh

# prctl -n task.max-lwps $$
process: 111107: csh
NAME    PRIVILEGE    VALUE    FLAG   ACTION            RECIPIENT
task.max-lwps
        privileged       3       -   deny                      -
        system       2.15G     max   deny                      -
# id -p
uid=0(root) gid=1(other) projid=100(x-files)

# ps -o project,taskid -p $$
 PROJECT TASKID
 x-files    73

# csh        /* creates second LWP */

# csh        /* creates third LWP */

# csh        /* cannot create more LWPs */
Vfork failed
#

ProcedureHow to Set Multiple Controls on a Project

The /etc/project file can contain settings for multiple resource controls for each project as well as multiple threshold values for each control. Threshold values are defined in action clauses, which are comma-separated for multiple values.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Use the projmod command with the -s and -K options to set resource controls on project x-files:


    # projmod -s -K 'task.max-lwps=(basic,10,none),(privileged,500,deny);
    process.max-file-descriptor=(basic,128,deny)' x-filesone line in file
    

    The following controls are set:

    • A basic control with no action on the maximum LWPs per task.

    • A privileged deny control on the maximum LWPs per task. This control causes any LWP creation that exceeds the maximum to fail, as shown in the previous example How to Set the Maximum Number of LWPs for Each Task in a Project.

    • A limit on the maximum file descriptors per process at the basic level, which forces the failure of any open call that exceeds the maximum.

  3. View the entry in the file by using one of the following methods:

    • Type:


      # projects -l
      .
      .
      .
      x-files
              projid : 100
              comment: ""
              users  : (none)
              groups : (none)
              attribs: process.max-file-descriptor=(basic,128,deny)
                       task.max-lwps=(basic,10,none),(privileged,500,deny) one line in file
      
    • Type:


      # cat etc/project
      .
      .
      .
      x-files:100::::process.max-file-descriptor=(basic,128,deny);
      task.max-lwps=(basic,10,none),(privileged,500,deny) one line in file