sys_attrs_proc(5)
sys_attrs_proc - system attributes for the proc kernel
subsystem
This reference page describes system attributes for the
Process (proc) kernel subsystem. See sys_attrs(5) for an
introduction to system attributes.
Do not edit the system configuration file to directly
change the value of system parameters; use the dxkerneltuner
application, the /sbin/sysconfig -r command, or the
sysconfigdb command to make such changes. See dxkerneltuner(8), sysconfig(8), and sysconfigdb(8) for more information
about your options for configuring kernel subsystems.
Attributes whose names are preceded by an asterisk (*) can
be modified at run time.
A value that enables (1) or disables (0) the ability
of applications that use more than 600 seconds
of CPU time to automatically increase their nice
values (that is, lower their scheduling priorities).
Default value: 0 (disabled)
The nice value that is assigned to a process after
it has used an amount of CPU time that exceeds the
value of the autonice_time attribute.
Default value: 4
Minimum value: 0
Maximum value: 20
The amount of CPU time, in seconds, that a process
can use before it is assigned the nice value that
is specified by the autonice_penalty attribute.
Default value: 600 (seconds)
Minimum value: 0
Maximum value: 86,400
A value that enables (1) or disables (0) the ability
of user processes to create core dumps. If disabled
(0), this attribute can prevent some denial-of-service
attacks that are possible if the core
file and the directory where it is written are
inadequately protected and a privileged user is
running the program. By default, many applications
dump core files to the directory from which the
user invoked the program. If a privileged user
invoked such a program from a world-writeable
directory, such as /tmp, the /tmp/core pathname
could be spoofed into creating or overwriting a
file in a privileged location.
Default value: 1 (enabled)
Because core files provide important debugging
information to application maintainers, it is recommended
that this attribute be set to 0 (disabled)
only if the system is subject to denial-of-service
attacks.
This attribute can be modified at run time.
Note that programs can control the location of core
files by using the setsysinfo() call with an
SSI_COREDIR request. See setsysinfo(2) for more
information.
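The risk described above can be checked before a privileged program is run from a given directory. The following shell function is an added example, not part of the original reference page: the names core_dump_risk and demo are hypothetical, the demo directories are constructed, and it assumes a mktemp command that supports -d.

```shell
#!/bin/sh
# Added example (not from the reference page): report whether a directory is
# a risky place for a privileged process to write a file named "core".
# Prints one finding per line; returns 0 if clean, 1 on a finding, 2 on error.
core_dump_risk() {
    dir=$1
    risk=0
    [ -d "$dir" ] || { echo "error: $dir is not a directory" >&2; return 2; }

    # Others-write bit set: any local user can pre-create an entry named core.
    if [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable: $dir"
        risk=1
    fi

    core=$dir/core
    # A symbolic link named core redirects the dump to wherever it points.
    if [ -L "$core" ]; then
        echo "symlink: $core"
        risk=1
    # An existing core owned by another user was placed there before the dump.
    elif [ -e "$core" ] && [ -n "$(find "$core" -prune ! -user "$(id -un)")" ]; then
        echo "foreign-owner: $core"
        risk=1
    fi
    return $risk
}

# Constructed demonstration: one private directory and one world-writable
# directory that already holds a "core" link. All paths are temporary.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/private" "$tmp/shared"
    chmod 700 "$tmp/private"
    chmod 777 "$tmp/shared"
    ln -s "$tmp/elsewhere" "$tmp/shared/core"
    for d in "$tmp/private" "$tmp/shared"; do
        if core_dump_risk "$d"; then echo "ok: $d"; fi
    done
    rm -rf "$tmp"
}
demo
```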
A value that enables (1) or disables (0) the ability
of applications running in setuid/setgid mode
to dump core.
Default value: 0 (disabled)
Core dumps from processes of applications running
in setuid/setgid mode can contain sensitive information
that might be used to compromise system
security. It is recommended that this attribute be
set to 1 (enabled) only for purposes of application
debugging and then returned to 0 (the default)
after the application is debugged.
This attribute can be modified at run time.
The maximum number of unique core files that a program
can create on a host system.
Default value: 16 (files)
Minimum value: 1
Maximum value: 99,999
This attribute can be modified at run time.
A value that enables (1) or disables (0) creation
of multiple versions of core files. If this
attribute is set to 0, an existing core file will
be overwritten when a new one is created.
Default value: 0 (disabled)
This attribute can be modified at run time.
A value that enables (1) or disables (0) a limit on
the number of arguments that a command can have
when it executes. When exec_disable_arg_limit is
set to one, there is no limit on the number of command
arguments other than a memory restriction
imposed by the user program stack size.
Default value: 0 (hard limit enforced)
This attribute can be modified at run time. It is
recommended that you set exec_disable_arg_limit to
1. The default value is in place because industry
standards currently require not only that a hard
limit be accessible to any programs executing a
command but also that an error be returned to the
program when this limit is reached. When exec_disable_arg_limit
is set to 1, the operating system
does not return an error because there is no hard
limit to enforce. Most programs that conform to
industry standards will continue to execute correctly
if this error is not returned.
A dynamic value that controls the allocation of
memory with both write and execute privileges in
order to reduce privileged process vulnerability to
buffer overflow exploits. All processes may allocate
writable and executable memory.
Default value: 0 (disabled)
Minimum value: 0
Maximum value: 53
Caution
Before changing executable_data from the default
value of 0, you must run the /usr/sbin/javaexecutedata
script. Otherwise, privileged java applications
will fail in unpredictable ways.
This attribute can be set to only one of five values.
The following list shows the five values and
describes what happens when a process executing as
root or a process running a setuid application
requests writeable, executable memory:
  The request succeeds, and the process may allocate writeable and executable memory.
  The request succeeds, but the process receives only writeable memory. No message is generated. This is the recommended value.
  The request fails with an EACCES status. No message is generated.
  The request succeeds, but the process receives only writeable memory. A message is generated.
  The request fails with an EACCES status, and a message is generated.
A value that allows (1) or disallows (0) execute
privilege on the user program stack for programs
that would otherwise have this privilege. Disallowing
execute privilege on the user program stack
enhances system security but does not affect normal
programs.
Default value: 0 (disallowed)
This attribute can be modified at run time.
Although certain applications may require the program
stack to be executable, it is strongly recommended
that you set executable_stack to 1 only on
systems (such as those behind firewalls) that are
not vulnerable to security violations.
A value that enables (1) or disables (0) boosting
the priority of processes that have recently awakened
from a block I/O operation. Setting this
attribute to 1 reduces I/O latency and may make the
system more responsive.
Default value: 1 (enabled)
Maximum amount, in bytes, of user process address
space.
Default value: 4,294,967,296 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum size, in bytes, of a data segment for each
process.
Default value: 1,073,741,824 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum size, in bytes, of a user process stack.
Default value: 33,554,432 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum number of processes (tasks) that a user can
create. (The superuser is not affected.)
Default value: 256 (processes)
Minimum value: 0
Maximum value: 524,287
If you specify 0 for this attribute, the system
does not check how many processes a user creates.
Maximum limit of threads a user can create. (The
superuser is not affected.)
Default value: 1024 (threads)
Minimum value: 0
Maximum value: LONG_MAX
If you specify 0 for this attribute, the system
does not check how many threads a user creates.
Number of simultaneous users that a system can support
without straining system resources. System
algorithms use the maxusers value to size various
system data structures and to determine the amount
of space allocated to system tables, such as the
system process table.
Default value: System dependent
Minimum value: 8 (users)
Maximum value: 16,384
Increasing the value of the maxusers attribute
allocates more system resources to the kernel.
However, it also increases the amount of physical
memory consumed by the kernel. Changing the value
of the maxusers attribute automatically adjusts the
values of other attributes, including the taskmax,
threadmax, and min_free_vnodes attributes if you
have not explicitly overridden the default values
for those attributes.
The maxusers value can be increased at run time.
It can be decreased only at boot time.
Minimum amount of memory that can be used for timeout
tables. The value of this attribute is automatically
adjusted.
Do not modify the default setting for this
attribute unless instructed to do so by support
personnel or by patch kit documentation.
The number of callout tables. This number determines
the size of the hash table for timeout
queues.
Default value: The number of process slots divided
by 32
Do not modify the default setting for this
attribute unless instructed to do so by support
personnel or by patch kit documentation.
The size of the hash table for the wait queue.
Default value: The number of process slots divided
by 32
Minimum value: 64
Maximum value: 262,143
Hard limit for the number of file descriptors for
each process.
Default value: The value of OPEN_MAX_SYSTEM, which
is 4096 (file descriptors)
Minimum value: 0
Maximum value: 65,536
If the number of file descriptors reaches the value
of the open_max_hard attribute or higher, the process
is stopped. The value for this limit can be
increased only in a program. Use the getdtablesize()
system call to obtain the total number of
file descriptors in a process' descriptor table.
You can determine the current open_max_hard limit
by using the getrlimit() system call and increase
the hard limit for a process by using the setsysinfo()
function with the SSI_FD_NEWMAX option.
The soft limit for the number of file descriptors
for a process.
Default value: 4096 (file descriptors)
Minimum value: 0
Maximum value: open_max_hard
When the open_max_soft limit is reached, a warning
message is issued. Use the getdtablesize() system
call to obtain the total number of file descriptors
in a process' descriptor table. You can determine
the open_max_hard and open_max_soft limits by using
the getrlimit() system call and increase the soft
limit for a process up to its hard limit by using
the setrlimit() system call.
The maximum amount, in bytes, of user process
address space.
Default value: 4,294,967,296 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Current maximum size, in bytes, of a data segment
for each process.
Default value: 134,217,728 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
The maximum size, in bytes, of a user process
stack.
Default value: 8,388,608 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
A value that determines (per second of CPU time)
the number of context switches that can occur
between processes with the same priority and the
timeslice allotted to each process.
Default value: 0 (100 context switches per second)
Minimum value: 0
Maximum value: hz
The system uses the following formula to compute
timeslice:
timeslice = hz / number_context_switches
The hz value is the timer interrupt frequency
(hertz) for one second of CPU time. This value is
dependent on hardware and is typically 1024 or
1200. (To determine the hz value on a particular
system, programmers can use the getsysinfo() call
with GSI_CLK_TCK as the op parameter.)
If round_robin_switch_rate is either 0 (zero) or
greater than hz, the system uses 100 for number_context_switches.
For example, if hz is 1024,
the resulting timeslice is 10 milliseconds, and if
hz is 1200, the resulting timeslice is 12 milliseconds:
timeslice = 1024 / 100 = 10
timeslice = 1200 / 100 = 12
If round_robin_switch_rate is greater than zero and
less than or equal to hz, then number_context_switches
is set to round_robin_switch_rate.
For example, changing round_robin_switch_rate from
0 to 20 decreases the number of context switches
and increases timeslice by a factor of five:
timeslice = 1024 / 20 = 51
timeslice = 1200 / 20 = 60
Context switching carries a certain amount of CPU
overhead. If a CPU consistently handles many large
jobs that do not complete quickly, a larger timeslice
(and fewer context switches) may improve
throughput. However, the tradeoff is reduced
response time for any interactive processes that
the CPU handles.
Time, in clock ticks, that a thread must remain
idle on a multiprocessor system before it is eligible
to migrate to another processor.
Default value: 0 (clock ticks)
Minimum value: 0
Maximum value: INT_MAX
This attribute is used to tune the soft affinity
algorithm on multiprocessor systems. Soft affinity
enables a process to stay where it last ran, and
thereby optimize its use of any data or instructions
that it had brought into cache memory. The
sched_min_idle attribute is used only on multiprocessor
systems; it has no effect on single-CPU systems.
Commands: dxkerneltuner(8), sysconfig(8), sysconfigdb(8)
Others: sys_attrs(5)
System Configuration and Tuning