P. 1


|Views: 780|Likes:
Published by tashtiot
solaris zones
solaris zones

More info:

Published by: tashtiot on Jun 21, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





One well-known method to over-consume system resources is a fork-bomb. This method

does not necessarily consume a great deal of memory or CPU resources, but rather

seeks to use up all of the process slots in the kernel’s process table. In the Solaris OS, a

running process starts with just one thread of execution, also called a Light Weight

Process (LWP). Many programs generate new threads, becoming multithreaded

processes. By default, Solaris systems with a 64-bit kernel can run over 85,000 LWPs

simultaneously. A booted zone that is not yet running any applications has

approximately 100 to 150 LWPs. To prevent a zone from using too many LWPs, a limit

can be set on their use. The following command sets a limit of 300 LWPs for a zone.

global# zonecfg -z web
zonecfg:web> add dedicated-cpu
zonecfg:web:dedicated-cpu> set ncpus=2-4
zonecfg:web:dedicated-cpu> set importance=5
zonecfg:web:dedicated-cpu> end
zonecfg:web> exit

global# zoneadm -z web reboot

global# zonecfg -z web
zonecfg:web> set max-lwps=300
zonecfg:web> exit

global# zoneadm -z web reboot


Understanding the Security Capabilities of Solaris Zones Software

Sun Microsystems, Inc.

This parameter can be used, but should not be set so low that it impacts normal

application operation. An accurate baseline for the number of LWPs for a given zone

should be determined in order to set this valuable at an appropriate level. The number

of LWPs used by a zone can be monitored using the following prstat command.

In this example, the web zone currently has 108 LWPs. This value changes as processes

are created or exit. It should be inspected over a period of time in order to establish a

more reliable baseline, and updated when the software, requirements, or workload


Using the max-lwps resource control successfully usually requires the use of a CPU

control, such as the FSS or pools to ensure that there is enough CPU power in the

global zone for the platform administrator to fix any problems that might arise.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->