UBC auxiliary parameters

5,709 bytes added, 05:45, 21 October 2011
Reverted edits by 109.228.171.118 (talk) to last revision by Kir
Another example. Each object, such as an open file or an established network
connection, consumes certain resources. When the container
is close to exhausting the resources allowed to it, it is
usually better to refuse creation of a new object than to allow it but deny
<li>
These parameters improve fault isolation between applications in the
same container. Failure or misbehavior of one application inside a container
is more likely to result in hitting a limit on some auxiliary parameter and
normal termination of this misbehaving application, rather than abnormal
termination of some other long-running application inside the same container.
</li>
<li>
These parameters may be used to impose some administrative limits
on the container (for example, to not allow the user to run
database servers by limiting the amount of [[shmpages]], or limiting the
number of simultaneous shell sessions through [[numpty]]).
</li>
== shmpages ==
The <code>barrier</code> should be set equal to the <code>limit</code>.

The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.

== physpages ==

Total number of RAM pages used by processes in a container.
For memory pages used by several different containers (mappings of
shared libraries, for example), only a fraction of a page is charged to each
container. The sum of the <code>physpages</code> usage for all containers
corresponds to the total number of pages used in the system by all
containers.

For [[VSwap]]-enabled kernels, the <code>barrier</code> should be set to 0,
and the <code>limit</code> limits the total size of RAM used by a container.

For older kernels, <code>physpages</code> is an accounting-only parameter.
The <code>barrier</code> should be set to <code>0</code> and the
<code>limit</code> to 'unlimited' ([[LONG_MAX]]).

== numfile ==

Number of open files.

The <code>barrier</code> should be set equal to the <code>limit</code>.

The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.

Note: currently, adjusting the <code>barrier</code> only changes the kernel's
behaviour when "pre-charging" the numfile resource. If you change it, you will
most likely not notice any change in container behaviour at all. This ability
was added purely for research purposes.

== numflock ==

Number of file locks.

The configuration of this parameter should have a
gap between the <code>barrier</code> and the <code>limit</code>, as illustrated in
[[UBC configuration examples]].

Very high limits on <code>numflock</code> and a large number
of file locks in the system may cause a certain slowdown of
the whole system (but not a fatal one).
So the limits on this parameter should be reasonable, depending
on the real requirements of the applications.

== numpty ==

Number of pseudo-terminals.

This parameter is usually used to limit the number of simultaneous shell
sessions.

The <code>barrier</code> should be set equal to the <code>limit</code>.

The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.

However, in OpenVZ systems, the actual number of pseudo-terminals allowed
for one container is limited to <code>256</code>.

== numsiginfo ==

Number of <code>siginfo</code> structures.

The size of the structure is also accounted into <code>[[kmemsize]]</code>.
The default installations of stand-alone Linux systems limit this number
to <code>1024</code> for the whole system.
In OpenVZ installations, the <code>numsiginfo</code> limit applies to each
container individually.

The <code>barrier</code> should be set equal to the <code>limit</code>.

Very high settings of the <code>limit</code> of this parameter may reduce
responsiveness of the system.
It is unlikely that any container will need a limit greater than
the Linux default of <code>1024</code>.

== dcachesize ==

The total size of <code>dentry</code> and <code>inode</code> structures locked in memory.

The <code>dcachesize</code> parameter controls filesystem-related caches, such as
directory entry (<code>dentry</code>) and inode caches.
The value accounted into <code>dcachesize</code> is also included into
<code>[[kmemsize]]</code>.

<code>Dcachesize</code> exists as a separate parameter to impose a limit causing
file operations to sense memory shortage and return an error to applications,
protecting from memory shortages during critical operations that shouldn't
fail.

The configuration of this parameter should have a
gap between the <code>barrier</code> and the <code>limit</code>, as illustrated in
[[UBC configuration examples]].

The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.

== numiptent ==

The number of NETFILTER (IP packet filtering) entries.

The <code>barrier</code> should be set equal to the <code>limit</code>.

There is a restriction on the total number of <code>numiptent</code> entries.
It depends on the amount of other allocations in the so-called "vmalloc"
memory area and constitutes about <code>250000</code> entries.
Violation of this restriction may cause failures of operations with
IP packet filter tables (execution of <code>iptables(8)</code>)
in any container or the host system,
or failures of container starts.

Also, a large <code>numiptent</code> causes considerable slowdown of processing
of network packets. It is not recommended to allow containers
to create more than 200–300 <code>numiptent</code> entries.

== swappages ==

The amount of swap space to show in a container.

{{Note|this parameter is only available in RHEL5-based kernel since version 028stab060.2, in 2.6.27 since kiprensky.}}

The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration only affects the way the OpenVZ kernel reports
available swap in a container. This is needed for some applications
which refuse to run inside a container unless the kernel
reports that no less than some specific amount of swap is available.

If <code>limit</code> is set, its value is reported as the amount
of total swap space in a container. If the <code>limit</code> is set to [[LONG_MAX]] (which is the
in-kernel default for this parameter), all the swap space
parameters (total, used, free) are reported as 0.

The value of <code>barrier</code> for this beancounter is ignored. The value of <code>held</code> shows how much swap space
is currently being used for this container.
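The per-parameter rules above (barrier equal to limit, a gap for numflock and dcachesize, physpages barrier 0, the ceilings for numpty, numsiginfo and numiptent) can be turned into an audit. This is an added example, not OpenVZ or vzctl code; it parses text in the /proc/user_beancounters column layout (resource, held, maxheld, barrier, limit, failcnt) over a constructed sample and also flags any non-zero failcnt, which is how a container's resource shortage shows up to the administrator.

```python
"""Audit UBC auxiliary parameters against the guidance on this page.
Added example, not OpenVZ or vzctl code: it parses text in the /proc/user_beancounters
layout (resource held maxheld barrier limit failcnt) and reports deviations."""

EQUAL = {"shmpages", "numfile", "numpty", "numsiginfo", "numiptent"}  # barrier == limit
GAP = {"numflock", "dcachesize"}                                      # barrier < limit
MAX_LIMIT = {"numpty": 256, "numsiginfo": 1024, "numiptent": 300}     # ceilings named above
LONG_MAX = 9223372036854775807                                        # 'unlimited' on 64-bit

def parse_beancounters(text):
    """Return {uid: {resource: (held, maxheld, barrier, limit, failcnt)}}."""
    result, uid = {}, None
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].endswith(":") and fields[0][:-1].isdigit():
            uid, fields = int(fields[0][:-1]), fields[1:]  # "101:" starts a container block
        if uid is None or len(fields) != 6 or not fields[1].isdigit():
            continue  # skips the "Version:" line and the column-title line
        result.setdefault(uid, {})[fields[0]] = tuple(int(v) for v in fields[1:])
    return result

def audit(counters, vswap=False):
    """Return (uid, resource, message) tuples for settings that deviate from the page."""
    out = []
    for uid, params in counters.items():
        for name, (_held, _maxheld, barrier, limit, failcnt) in params.items():
            if failcnt:
                out.append((uid, name, f"failcnt={failcnt}: applications already hit this limit"))
            if name in EQUAL and barrier != limit:
                out.append((uid, name, f"barrier {barrier} != limit {limit}; page says keep equal"))
            if name in GAP and barrier >= limit:
                out.append((uid, name, "page says leave a gap between barrier and limit"))
            if name == "physpages" and (barrier != 0 or (not vswap and limit != LONG_MAX)):
                out.append((uid, name, "barrier should be 0; limit LONG_MAX unless VSwap kernel"))
            if name in MAX_LIMIT and limit > MAX_LIMIT[name]:
                out.append((uid, name, f"limit {limit} exceeds the {MAX_LIMIT[name]} recommended above"))
    return out

# Constructed sample in /proc/user_beancounters layout (not taken from a real host).
SAMPLE = """Version: 2.5
      101:  shmpages            640        640       8192       8192        0
            physpages          2048       3000          0 9223372036854775807  0
            numfile             512        700       2048       4096        3
            numflock              4          6        100        110        0
            numiptent            20         20        400        400        0
"""

if __name__ == "__main__":
    for uid, name, msg in audit(parse_beancounters(SAMPLE)):
        print(f"CT {uid} {name}: {msg}")
```

Run against a real host with `audit(parse_beancounters(open("/proc/user_beancounters").read()), vswap=...)`; the sample flags numfile twice (failcnt and unequal barrier/limit) and numiptent once (limit above 300).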