
Securing Files and Verifying File Integrity in Oracle® Solaris 11.4


Updated: August 2018
 
 

Preventing tmpfs File Systems From Filling Up the System

The size of the tmpfs file system is not limited by default. Therefore, tmpfs can grow to fill the available system memory and swap. Because the /tmp directory is used by all applications and users, an application can fill all available system memory. Similarly, an unprivileged user with malicious intent could cause a system slowdown by creating large files in the /tmp directory. To avoid a performance impact, you should limit the size of each tmpfs mount.

How to Limit the Size of the tmpfs File System

In this procedure, you base the size of the tmpfs file system on a percentage of system memory. You might try several values to achieve best system performance.

Before You Begin

To edit the vfstab file, you must become an administrator who is assigned the solaris.admin.edit/etc/vfstab authorization. To read the changes into the OS, you must be assigned the Service Configuration rights profile. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Determine the amount of memory on your system.

    Note -  The SPARC T7 series system that is used for the following example has 32 disks. The system has around 500 GB of memory.
    % prtconf | head
    System Configuration:  Oracle Corporation  sun4v
    Memory size: 523776 Megabytes
    System Peripherals (Software Nodes):
    
    ORCL,SPARC-T7-1
        scsi_vhci, instance #0
            disk, instance #28
            disk, instance #29
            disk, instance #6
            disk, instance #5
            disk, instance #32
            ...
  2. Compute a memory limit for tmpfs.

    Depending on the size of the system memory, you might want to compute a memory limit of around 20 percent for large systems and around 30 percent for smaller systems.

    • For a larger system, use .20 as the multiplier.
      523776M x .20 ≈ 104755M
    • For a smaller system, use .30 as the multiplier.
      260352M x .30 ≈ 78105M
  3. Modify the swap entry in the /etc/vfstab file with the size limit.
    # pfedit /etc/vfstab
    #device     device       mount       FS      fsck    mount mount
    #to mount   to fsck      point       type    pass    at boot options
    #
    ...
    #swap       -            /tmp        tmpfs   -       yes     -
    swap        -            /tmp        tmpfs   -       yes     size=104700m
    /dev/zvol/dsk/rpool/swap   -      -  swap    -       no      - 
  4. Restart the svc:/system/filesystem/local:default service.
    # svcadm restart filesystem/local
  5. Verify that the size limit is in effect.
    % mount -v
    swap on /system/volatile type tmpfs
    read/write/setuid/devices/rstchown/xattr/dev=89c0006 on Thurs Feb 4 14:07:27 2016
    swap on /tmp type tmpfs
    read/write/setuid/devices/rstchown/xattr/size=104700m/dev=89c0006 on Thurs ...
  6. Monitor the memory usage and adjust it to the requirements of your site.

    The df command is somewhat useful. The swap command provides the most useful statistics.

    % df -h /tmp
    Filesystem   Size   Used  Available  Capacity  Mounted on
    swap         7.4G    44M       7.4G        1%  /tmp
    
    % swap -s
    total: 190248k bytes allocated + 30348k reserved = 220596k used,
    7743780k available 

    For more information, see the tmpfs(4FS), mount_tmpfs(8), df(8), and swap(8) man pages.
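
The following script is an added example, not part of the Oracle procedure. It strings together steps 1 through 3 (read the memory size from prtconf output, apply a percentage, emit the vfstab line) and the step 5 check (confirm that the /tmp mount carries a size= option). The function names are hypothetical and the sample input is constructed from the output shown in step 1.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample input is
# constructed from the prtconf output shown in step 1.

# Print the "Memory size" value in MB from prtconf output on stdin.
mem_mb() {
    awk '/^Memory size:/ { print $3; found = 1; exit }
         END { exit (found ? 0 : 1) }'
}

# Print PCT percent of MEM_MB, rounded down. Rejects non-numeric input
# and percentages outside 1-100.
tmpfs_limit_mb() {
    for v in "$1" "$2"; do
        case "$v" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$2" -ge 1 ] && [ "$2" -le 100 ] || return 1
    echo $(( $1 * $2 / 100 ))
}

# Print the /etc/vfstab line for /tmp with a limit of $1 megabytes.
vfstab_entry() {
    printf 'swap\t-\t/tmp\ttmpfs\t-\tyes\tsize=%sm\n' "$1"
}

# Print the size= option of the /tmp mount from `mount -v` output on stdin.
# Exit status 1 means /tmp is mounted without a limit. The options may be on
# the "swap on /tmp" line or wrapped onto the next line, as in step 5.
tmp_size_option() {
    awk '
        want && match($0, "size=[^/ ]+") {
            print substr($0, RSTART, RLENGTH); ok = 1; exit
        }
        { want = 0 }
        / on \/tmp type tmpfs/ {
            if (match($0, "size=[^/ ]+")) {
                print substr($0, RSTART, RLENGTH); ok = 1; exit
            }
            want = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Constructed sample input (values from step 1 of this procedure).
sample='System Configuration:  Oracle Corporation  sun4v
Memory size: 523776 Megabytes'
mem=$(printf '%s\n' "$sample" | mem_mb)
vfstab_entry "$(tmpfs_limit_mb "$mem" 20)"
# On a live system: prtconf | mem_mb   and   mount -v | tmp_size_option
```

A non-zero exit status from `mount -v | tmp_size_option` indicates that /tmp is still mounted without a limit, which makes the function usable as a periodic compliance check.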