ZFS file systems are lightweight and can be encrypted, compressed, and configured with reserved space and disk space quotas.
The tmpfs file system can grow without bound. To prevent a denial of service (DoS) attack, complete How to Limit the Size of the tmpfs File System.
The following tasks configure a size limit for tmpfs and provide a glimpse of the protections that are available in ZFS, the default file system in Oracle Solaris. For additional information, see Setting ZFS Quotas and Reservations in Managing ZFS File Systems in Oracle Solaris 11.3 and the zfs(1M) man page.
|
The size of the tmpfs file system is not limited by default. Therefore, tmpfs can grow to fill the available system memory and swap. Because the /tmp directory is used by all applications and users, an application can fill all available system memory. Similarly, an unprivileged user with malicious intent could cause a system slowdown by creating large files in the /tmp directory. To avoid a performance impact, you can limit the size of each tmpfs mount.
You might try several values to achieve best system performance.
Before You Begin
To edit the vfstab file, you must become an administrator who is assigned the solaris.admin.edit/etc/vfstab authorization. To reboot the system, you must be assigned the Maintenance and Repair rights profile. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
% prtconf | head System Configuration: Oracle Corporation sun4v Memory size: 523776 Megabytes System Peripherals (Software Nodes): ORCL,SPARC-T3-4 scsi_vhci, instance #0 disk, instance #4 disk, instance #5 disk, instance #6 disk, instance #8
Depending on the size of the system memory, you might want to compute a memory limit of around 20 percent for large systems and around 30 percent for smaller systems.
So, for a smaller system, use .30 as the multiplier.
10240M x .30 ≈ 3072M
For a larger system, use .20 as the multiplier.
523776M x .20 ≈ 104755M
# pfedit /etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options # ... #swap - /tmp tmpfs - yes - swap - /tmp tmpfs - yes size=104700m /dev/zvol/dsk/rpool/swap - - swap - no -
# reboot
% mount -v swap on /system/volatile type tmpfs read/write/setuid/devices/rstchown/xattr/dev=89c0006 on Tues Feb 4 14:07:27 2014 swap on /tmp type tmpfs read/write/setuid/devices/rstchown/xattr/size=104700m/dev=89c0006 on Tues ...
The df command is somewhat useful. The swap command provides the most useful statistics.
% df -h /tmp Filesystem Size Used Available Capacity Mounted on swap 7. 4G 44M 7.4G 1% /tmp % swap -s total: 190248k bytes allocated + 30348k reserved = 220596k used, 7743780k available
For more information, see the tmpfs(7FS), mount_tmpfs(1M), df(1M), and swap(1M) man pages.