Information Technology Reference
In-Depth Information
After the Container is rebooted, this value can be queried with the following
command:
GZ# prctl -n zone.max-locked-memory -t privileged -i zone web
zone: 6: web
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
zone.max-locked-memory privileged 20.0MB - deny -
This resource constraint can also be dynamically changed for a running
Container:
GZ# prctl -n zone.max-locked-memory -v 4g -t privileged -r -e deny \
-i zone web
Because the proc_lock_memory privilege is included in a Container's default
privilege set, we strongly encourage the use of this memory cap.
Yo u c a n v i e w t h e c u r r e n t a m o u n t o f m e m o r y t h a t a C o n t a i n e r h a s l o c k e d w i t h
kstat :
GZ# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 myzone running /rpool/Zones/myzone native shared
GZ# kstat 'caps:1:lockedmem_zone_1:usage'
module: caps instance: 1
name: lockedmem_zone_1 class: zone_caps
usage 4096
6.2.2.3 Miscellaneous Controls
One method that is well known for over-consuming system resources is a fork-
bomb. This method does not necessarily consume a great deal of memory or CPU
resources, but rather seeks to use up all of the process slots in the kernel's process
table. In Oracle Solaris, a running process starts with just one thread of execution,
also called a lightweight process (LWP). Many programs generate new threads, be-
coming multithreaded processes. By default, Solaris systems with a 64-bit kernel
can run more than 85,000 LWPs simultaneously. A zone that has booted but is not
yet running any applications will have between 100 and 150 LWPs. To prevent a
Container from creating too many LWPs, a limit can be set on their use. The fol-
lowing command sets a limit of 300 LWPs for the Container:
 
Search WWH ::




Custom Search