The global administrator or a user with appropriate authorizations can set privileged zone-wide resource controls for a zone. Zone-wide resource controls limit the total resource usage of all process entities within a zone.
These limits are specified for both the global and non-global zones by using the zonecfg command. See How to Configure the Zone in Creating and Using Oracle Solaris Zones .
The preferred, simpler method for setting a zone-wide resource control is to use the property name or resource, such as capped-cpu, instead of the rctl resource, such as cpu-cap.
The zone.cpu-cap resource control sets an absolute limit on the amount of CPU resources that can be consumed by a zone. A value of 100 means 100 percent of one CPU as the setting. A value of 125 is 125 percent, because 100 percent corresponds to one full CPU on the system when using CPU caps.
The zone.cpu-shares resource control sets a limit on the number of fair share scheduler (FSS) CPU shares for a zone. CPU shares are first allocated to the zone, and then further subdivided among projects within the zone as specified in the project.cpu-shares entries. For more information, see Using the Fair Share Scheduler on an Oracle Solaris System With Zones Installed in Creating and Using Oracle Solaris Zones . The global property name for this control is cpu-shares.
The zone.max-locked-memory resource control limits the amount of locked physical memory available to a zone. The allocation of the locked memory resource across projects within the zone can be controlled by using the project.max-locked-memory resource control. See Available Resource Controls in Administering Resource Management in Oracle Solaris 11.2 for more information.
The zone.max-lofi resource control limits the number of potential lofi devices that can be created by a zone.
The zone.max-lwps resource control enhances resource isolation by preventing too many LWPs in one zone from affecting other zones. The allocation of the LWP resource across projects within the zone can be controlled by using the project.max-lwps resource control. See Available Resource Controls in Administering Resource Management in Oracle Solaris 11.2 for more information. The global property name for this control is max-lwps.
The zone.max-processes resource control enhances resource isolation by preventing a zone from using too many process table slots and thus affecting other zones. The allocation of the process table slots resource across projects within the zone can be set by using the project.max-processes resource control described in Available Resource Controls in Administering Resource Management in Oracle Solaris 11.2 . The global property name for this control is max-processes. The zone.max-processes resource control can also encompass the zone.max-lwps resource control. If zone.max-processes is set and zone.max-lwps is not set, then zone.max-lwps is implicitly set to 10 times the zone.max-processes value when the zone is booted. Note that because both normal processes and zombie processes take up process table slots, the max-processes control thus protects against zombies exhausting the process table. Because zombie processes do not have any LWPs by definition, the max-lwps cannot protect against this possibility.
The zone.max-msg-ids, zone.max-sem-ids, zone.max-shm-ids, and zone.max-shm-memory resource controls are used to limit System V resources used by all processes within a zone. The allocation of System V resources across projects within the zone can be controlled by using the project versions of these resource controls. The global property names for these controls are max-msg-ids, max-sem-ids, max-shm-ids, and max-shm-memory.
The zone.max-swap resource control limits swap consumed by user process address space mappings and tmpfs mounts within a zone. The output of prstat –Z displays a SWAP column. The swap reported is the total swap consumed by the zone's processes and tmpfs mounts. This value assists in monitoring the swap reserved by each zone, which can be used to choose an appropriate zone.max-swap setting.
|
These limits can be specified for running processes by using the prctl command. An example is provided in How to Set FSS Shares in the Global Zone Using the prctl Command in Creating and Using Oracle Solaris Zones . Limits specified through the prctl command are not persistent. The limits are only in effect until the system is rebooted.