Solaris: Testing LWP Fork Bombs and Zone Resource Control
- As an end user, create a number of lightweight processes (LWPs) using the following script, which should be located in a test zone:
#!/bin/ksh
# Script test-fork-bomb.ksh
# Starts $maxlwps background processes to test the zone's LWP limit.
maxlwps=500
i=0
#
echo '_________________________________________________'
echo ""
echo "Starting $maxlwps processes"
while [ $i -lt $maxlwps ]
do
    i=$(($i+1))
    echo "Starting process $i"
    # Each background sleep occupies one process (and one LWP) for 20 seconds
    sleep 20 &
done
echo '_________________________________________________'
echo ""
echo "Started $i processes"
As you will notice, the number of processes / threads that the end user can start is virtually unlimited [1]. The effect can be disastrous: if the process table were to fill up completely, your application server would experience fork failures.
- From the global zone, set the resource control for the maximum number of LWPs:
global# zonecfg -z testzone
zonecfg:testzone> add rctl
zonecfg:testzone:rctl> set name=zone.max-lwps
zonecfg:testzone:rctl> add value (priv=privileged,limit=250,action=deny)
zonecfg:testzone:rctl> end
zonecfg:testzone> commit
zonecfg:testzone> exit
- Reboot the zone and check the impact
global# zlogin testzone init 6
Here we use the global log action, so that a message is sent to syslogd once the zone exceeds its number of LWPs:
global# rctladm -e syslog=warning zone.max-lwps
→ this will edit /etc/rctladm.conf:
zone.max-lwps=syslog=warning
global# zlogin testzone
testzone# su - guest
$ ./test-fork-bomb.ksh
You should notice that the number of processes started will be less than 500.
The logging within the Global Zone:
global# dmesg
Feb 17 20:27:59 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27734 in zone testzone.
Feb 17 20:28:01 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27735 in zone testzone.
- Check the impact when changing the rctl clause in the .xml file
Change the setting for the resource control in the .xml file to:
value (priv=privileged,limit=250,action=none)
Run the script again, and notice that the number of LWPs will no longer be limited to 250.
[1] Of course, the kernel parameter maxuprc will eventually stop the forking of new processes for end users.
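To turn the dmesg lines shown above into something a monitoring job can act on, the following added example (not part of the original page) summarises "rctl exceeded" messages per zone. The function names, the webzone and sshd lines, and the third testzone line are constructed for the example; only the first two log lines come from the page.

```shell
#!/bin/sh
# Added example: summarise "rctl ... exceeded" kernel messages per zone.

# Sample input. Lines 1-2 are the dmesg lines from the page; the remaining
# lines are constructed for this example.
sample_log() {
cat <<'EOF'
Feb 17 20:27:59 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27734 in zone testzone.
Feb 17 20:28:01 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27735 in zone testzone.
Feb 17 20:28:03 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27735 in zone testzone.
Feb 17 20:30:12 laks sshd[411]: [ID 800047 auth.info] Accepted publickey for guest
Feb 17 20:31:40 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 100) exceeded by process 3021 in zone webzone.
EOF
}

# rctl_summary: syslog text on stdin -> one sorted line per zone and rctl:
#   zone rctl limit=N hits=N pids=N first="..." last="..."
rctl_summary() {
    awk '
    / rctl .* exceeded by process [0-9]+ in zone / {
        for (i = 1; i < NF; i++) {
            if ($i == "rctl")    name = $(i + 1)
            if ($i == "(value")  { limit = $(i + 1); sub(/\)$/, "", limit) }
            if ($i == "process") pid = $(i + 1)
            if ($i == "zone")    { zone = $(i + 1); sub(/\.$/, "", zone) }
        }
        key = zone SUBSEP name
        stamp = $1 " " $2 " " $3
        if (!(key in hits)) first[key] = stamp
        last[key] = stamp
        lim[key] = limit
        hits[key]++
        # Count each offending PID once, however often it is denied
        if (!((key, pid) in seen)) { seen[key, pid] = 1; pids[key]++ }
    }
    END {
        for (key in hits) {
            split(key, p, SUBSEP)
            printf "%s %s limit=%s hits=%d pids=%d first=\"%s\" last=\"%s\"\n",
                p[1], p[2], lim[key], hits[key], pids[key], first[key], last[key]
        }
    }' | sort
}

# noisy_zones MIN: names of zones with at least MIN denied attempts.
noisy_zones() {
    rctl_summary | awk -v min="${1:-2}" '{ split($4, h, "="); if (h[2] + 0 >= min) print $1 }'
}

sample_log | rctl_summary
```

In the global zone, the same functions can be fed from the system log instead of sample_log, for example `dmesg | noisy_zones 10`.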