bash-3.00# projadd -K 'task.max-lwps=(privileged,2,deny)' test
bash-3.00# cat /etc/project
system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::
limitedusers:100::linges::process.max-file-descriptor=(privileged,8192,deny)
test:101::::task.max-lwps=(privileged,2,deny)
bash-3.00# newtask -p test bash ------------>First lwp process
bash-3.00# id -p
uid=0(root) gid=0(root) projid=101(test)
bash-3.00# ps -o project,taskid -p $$
PROJECT TASKID
test 98
bash-3.00# bash ------------------------------------>Second lwp process
bash-3.00# bash
bash: fork: Resource temporarily unavailable
bash-3.00# bash
bash: fork: Resource temporarily unavailable
bash-3.00# rctladm -e syslog process.max-file-descriptor
bash-3.00# rctladm
process.max-port-events syslog=off [ deny count ]
process.max-msg-messages syslog=off [ deny count ]
process.max-msg-qbytes syslog=off [ deny bytes ]
process.max-sem-ops syslog=off [ deny count ]
process.max-sem-nsems syslog=off [ deny count ]
process.max-address-space syslog=off [ lowerable deny no-signal bytes ]
process.max-file-descriptor syslog=notice [ lowerable deny count ]
process.max-core-size syslog=off [ lowerable deny no-signal bytes ]
process.max-stack-size syslog=off [ lowerable deny no-signal bytes ]
process.max-data-size syslog=off [ lowerable deny no-signal bytes ]
process.max-file-size syslog=off [ lowerable deny file-size bytes ]
process.max-cpu-time syslog=off [ lowerable no-deny cpu-time inf seconds ]
task.max-cpu-time syslog=off [ no-deny cpu-time no-obs inf seconds ]
task.max-lwps syslog=off [ count ]
project.max-contracts syslog=off [ no-basic deny count ]
project.max-device-locked-memory syslog=off [ no-basic deny bytes ]
project.max-locked-memory syslog=off [ no-basic deny bytes ]
project.max-port-ids syslog=off [ no-basic deny count ]
project.max-shm-memory syslog=off [ no-basic deny bytes ]
project.max-shm-ids syslog=off [ no-basic deny count ]
project.max-msg-ids syslog=off [ no-basic deny count ]
project.max-sem-ids syslog=off [ no-basic deny count ]
project.max-crypto-memory syslog=off [ no-basic deny bytes ]
project.max-tasks syslog=off [ no-basic count ]
project.max-lwps syslog=off [ no-basic count ]
project.cpu-cap syslog=off [ no-basic deny no-signal inf count ]
project.cpu-shares syslog=n/a [ no-basic no-deny no-signal no-syslog count ]
zone.max-swap syslog=off [ no-basic deny bytes ]
zone.max-locked-memory syslog=off [ no-basic deny bytes ]
zone.max-shm-memory syslog=off [ no-basic deny bytes ]
zone.max-shm-ids syslog=off [ no-basic deny count ]
zone.max-sem-ids syslog=off [ no-basic deny count ]
zone.max-msg-ids syslog=off [ no-basic deny count ]
zone.max-lwps syslog=off [ no-basic count ]
zone.cpu-cap syslog=off [ no-basic deny no-signal inf count ]
zone.cpu-shares syslog=n/a [ no-basic no-deny no-signal no-syslog count ]
By default syslog,will be enabled as “notice”. If you want to set the syslog level to debug ,you can use below command.
bash-3.00# rctladm -e syslog=debug task.max-lwps
bash-3.00# rctladm |grep task.max-lwps
task.max-lwps syslog=debug [ count ]
For testing purpose,Here i am setting the max-lwps to 5 for sshd .so your sshd daemon allow the system to create 5lwps.once its reached the limit,you cannot to the system using ssh.
# prctl -n task.max-lwps -v 5 -t privileged -d all `pgrep sshd`
I tried to ssh this machine using putty and it allowed 4 session,when try to take a 5th one, got error “connected terminated unexpectedly “ .It means ,system is not allowing ssh process to create more than 5lwp process.You can see this error is logged in messages file.
# tail -f /var/adm/messages
Jul 2 07:47:20 sfos e1000g: [ID 801725 kern.info] NOTICE: pci8086,100f - e1000g[0] : link up, 1000 Mbps, full duplex
Jul 2 07:47:20 sfos in.routed[1212]: [ID 300549 daemon.warning] interface e1000g0 to 192.168.10.29 restored
Jul 2 09:31:14 sfos genunix: [ID 748619 kern.notice] privileged rctl task.max-lwps (value 5) exceeded by process 28555 in task 71.
^C
To Disable to syslog ,
bash-3.00# rctladm -d syslog process.max-file-descriptor
bash-3.00# rctladm
process.max-port-events syslog=off [ deny count ]
process.max-msg-messages syslog=off [ deny count ]
process.max-msg-qbytes syslog=off [ deny bytes ]
process.max-sem-ops syslog=off [ deny count ]
process.max-sem-nsems syslog=off [ deny count ]
process.max-address-space syslog=off [ lowerable deny no-signal bytes ]
process.max-file-descriptor syslog=off [ lowerable deny count ]
process.max-core-size syslog=off [ lowerable deny no-signal bytes ]
process.max-stack-size syslog=off [ lowerable deny no-signal bytes ]
process.max-data-size syslog=off [ lowerable deny no-signal bytes ]
process.max-file-size syslog=off [ lowerable deny file-size bytes ]
process.max-cpu-time syslog=off [ lowerable no-deny cpu-time inf seconds ]
task.max-cpu-time syslog=off [ no-deny cpu-time no-obs inf seconds ]
task.max-lwps syslog=off [ count ]
project.max-contracts syslog=off [ no-basic deny count ]
project.max-device-locked-memory syslog=off [ no-basic deny bytes ]
project.max-locked-memory syslog=off [ no-basic deny bytes ]
project.max-port-ids syslog=off [ no-basic deny count ]
project.max-shm-memory syslog=off [ no-basic deny bytes ]
project.max-shm-ids syslog=off [ no-basic deny count ]
project.max-msg-ids syslog=off [ no-basic deny count ]
project.max-sem-ids syslog=off [ no-basic deny count ]
project.max-crypto-memory syslog=off [ no-basic deny bytes ]
project.max-tasks syslog=off [ no-basic count ]
project.max-lwps syslog=off [ no-basic count ]
project.cpu-cap syslog=off [ no-basic deny no-signal inf count ]
project.cpu-shares syslog=n/a [ no-basic no-deny no-signal no-syslog count ]
zone.max-swap syslog=off [ no-basic deny bytes ]
zone.max-locked-memory syslog=off [ no-basic deny bytes ]
zone.max-shm-memory syslog=off [ no-basic deny bytes ]
zone.max-shm-ids syslog=off [ no-basic deny count ]
zone.max-sem-ids syslog=off [ no-basic deny count ]
zone.max-msg-ids syslog=off [ no-basic deny count ]
zone.max-lwps syslog=off [ no-basic count ]
zone.cpu-cap syslog=off [ no-basic deny no-signal inf count ]
zone.cpu-shares syslog=n/a [ no-basic no-deny no-signal no-syslog count ]
To check the task value,
bash-3.00# prctl -n task.max-lwps $$
process: 29525: bash
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
task.max-lwps
privileged 5 - deny -
privileged 40 - none -
system 2.15G max deny -
Using pid also we can check the resource control limit for that process.
# prctl 29513
process: 29513: /usr/lib/ssh/sshd
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
process.max-port-events
privileged 65.5K - deny -
system 2.15G max deny -
process.max-msg-messages
privileged 8.19K - deny -
system 4.29G max deny -
process.max-msg-qbytes
privileged 64.0KB - deny -
system 16.0EB max deny -
process.max-sem-ops
privileged 512 - deny -
system 2.15G max deny -
process.max-sem-nsems
privileged 512 - deny -
system 32.8K max deny -
process.max-address-space
privileged 16.0EB max deny -
system 16.0EB max deny -
process.max-file-descriptor
basic 256 - deny 29513
privileged 65.5K - deny -
system 2.15G max deny -
process.max-core-size
privileged 8.00EB max deny -
system 8.00EB max deny -
process.max-stack-size
basic 10.0MB - deny 29513
privileged 125TB - deny -
system 125TB max deny -
process.max-data-size
privileged 16.0EB max deny -
system 16.0EB max deny -
process.max-file-size
privileged 8.00EB max deny,signal=XFSZ -
system 8.00EB max deny -
process.max-cpu-time
privileged 18.4Es inf signal=XCPU -
system 18.4Es inf none -
task.max-cpu-time
system 18.4Es inf none -
task.max-lwps
privileged 5 - deny -
privileged 40 - none -
system 2.15G max deny -
project.max-contracts
privileged 10.0K - deny -
system 2.15G max deny -
project.max-device-locked-memory
privileged 63.5MB - deny -
system 16.0EB max deny -
project.max-locked-memory
system 16.0EB max deny -
project.max-port-ids
privileged 8.19K - deny -
system 65.5K max deny -
project.max-shm-memory
privileged 254MB - deny -
system 16.0EB max deny -
project.max-shm-ids
privileged 128 - deny -
system 16.8M max deny -
project.max-msg-ids
privileged 128 - deny -
system 16.8M max deny -
project.max-sem-ids
privileged 128 - deny -
system 16.8M max deny -
project.max-crypto-memory
privileged 254MB - deny -
system 16.0EB max deny -
project.max-tasks
system 2.15G max deny -
project.max-lwps
system 2.15G max deny -
project.cpu-cap
system 4.29G inf deny -
project.cpu-shares
privileged 1 - none -
system 65.5K max none -
zone.max-swap
system 16.0EB max deny -
zone.max-locked-memory
system 16.0EB max deny -
zone.max-shm-memory
system 16.0EB max deny -
zone.max-shm-ids
system 16.8M max deny -
zone.max-sem-ids
system 16.8M max deny -
zone.max-msg-ids
system 16.8M max deny -
zone.max-lwps
system 2.15G max deny -
zone.cpu-cap
system 4.29G inf deny -
zone.cpu-shares
privileged 1 - none -
system 65.5K max none
Thank you for reading this article.Please leave a comment if you have any doubt. I will get back to you.
Leave a Reply