[SoC] Jail Resource Limits




Hi, folks: I've completed the Summer of Code work on the jail resource limits (http://wikitest.freebsd.org/JailResourceLimits); jails can now have soft-ish limits placed on their memory and CPU usage.

Briefly, when a jail uses more memory than its limit, pages are clawed back by a new kernel process, jpager. The clawback is at a configurable rate, though the proportion is currently fixed. When a jail uses more CPU time in proportion to total CPU time used than the number of its CPU usage shares to the total CPU usage shares, its processes are dropped in priority until it's had its fair share of the total CPU time; if there are no other processes that want to run, they'll use up as much CPU time as they otherwise would.

We have a new command, jtune(8), which allows you to change the memory limit and CPU shares for a jail while it's running. You can also set these when a jail's created. Note that some sysctls need to be set (see jail(8) for details) before the limits will be enforced.

A tarball with everything you need to build the experimental kernel can be found at http://www.ualberta.ca/~cdjones/cdjones_jail_soc2006.tgz --- please read the INSTALL document in docs/ carefully, as it's pretty easy to trash your libc.so. The tarball is against RELENG_6 as of a few hours ago; I expect to port it to CURRENT sometime this week, once I build CURRENT on the desktop whose libc.so I trashed while writing docs/INSTALL. :)

I look forward to your feedback.

Cheers,

Chris
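
The CPU-share rule described in the message, as an added example that is not code from the SoC tarball: a simplified single-CPU model in which a jail over its share is only picked when no within-share jail is runnable. The struct, the function names and the one-tick-per-step scheduler are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model (assumption): one CPU, one tick of CPU time per step. */
struct jail {
    unsigned long shares; /* CPU usage shares assigned to the jail */
    unsigned long used;   /* CPU ticks consumed so far */
    int runnable;         /* does the jail have a process that wants to run? */
};

/* Over share when used/total_used > shares/total_shares (cross-multiplied). */
static int over_share(const struct jail *j, unsigned long total_used,
                      unsigned long total_shares)
{
    return j->used * total_shares > j->shares * total_used;
}

/* Run the model for `ticks` steps; usage accumulates in jails[i].used. */
void simulate(struct jail *jails, int n, unsigned long ticks)
{
    unsigned long total_shares = 0, total_used = 0;
    for (int i = 0; i < n; i++) total_shares += jails[i].shares;
    for (unsigned long t = 0; t < ticks; t++) {
        int pick = -1;
        for (int i = 0; i < n; i++) {
            if (!jails[i].runnable) continue;
            if (pick < 0) pick = i; /* deprioritized, but runs if nobody else can */
            if (!over_share(&jails[i], total_used, total_shares)) {
                pick = i;           /* within its share: normal priority */
                break;
            }
        }
        if (pick >= 0) { jails[pick].used++; total_used++; }
    }
}

/* Ticks used by jail `which` of two jails holding s0 and s1 shares. */
unsigned long cpu_used(unsigned long s0, unsigned long s1, int runnable1,
                       unsigned long ticks, int which)
{
    struct jail j[2] = { { s0, 0, 1 }, { s1, 0, runnable1 } };
    simulate(j, 2, ticks);
    return j[which].used;
}

int main(void)
{
    printf("both busy: %lu / %lu\n", cpu_used(3, 1, 1, 4000, 0), cpu_used(3, 1, 1, 4000, 1));
    printf("jail 1 idle: %lu\n", cpu_used(3, 1, 0, 4000, 0));
}
```

With 3:1 shares and both jails busy the model splits the ticks 3:1; with the second jail idle the first takes every tick, which is why the limit is soft rather than a hard cap.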


