6,534
edits
Changes
added numpty, numsiginfo, dcachesize, numiptent
So, the limits on this parameter should be reasonable, depending
on the real requirements of the applications.
== numpty ==
Number of pseudo-terminals.
This parameter is usually used to limit the number of simultaneous shell
sessions.
The <code>barrier</code> should be set equal to the <code>limit</code>.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environments.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment only.
However, in OpenVZ systems, the actual number of pseudo-terminals allowed
for one Virtual Environment is limited to <code>256</code>.
== numsiginfo ==
Number of <code>siginfo</code> structures.
The size of the structure is also accounted into <code>[[kmemsize]]</code>.
The default installations of stand-alone Linux systems limit this number
to <code>1024</code> for the whole system.
In OpenVZ installations, <code>numsiginfo</code> limit applies to each
Virtual Environment individually.
The <code>barrier</code> should be set equal to the <code>limit</code>.
Very high settings of the <code>limit</code> of this parameter may reduce
responsiveness of the system.
It is unlikely that any Virtual Environment will need the limit greater than
the Linux default — <code>1024</code>.
== dcachesize ==
The total size of <code>dentry</code> and <code>inode</code> structures locked in memory.
<code>Dcachesize</code> parameter controls filesystem-related caches, such as
directory entry (<code>dentry</code>) and inode caches.
The value accounted into <code>dcachesize</code> is also included into
<code>[[kmemsize]]</code>.
<code>Dcachesize</code> exists as a separate parameter to impose a limit causing
file operations to sense memory shortage and return an error to applications,
protecting from memory shortages during critical operations that shouldn't
fail.
The configuration of this parameter should have a
gap between the <code>barrier</code> and the <code>limit</code>, as illustrated in
[[UBC configuration examples]].
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environments.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment only.
== numiptent ==
The number of NETFILTER (IP packet filtering) entries.
The <code>barrier</code> should be set equal to the <code>limit</code>.
There is a restriction on the total number of <code>numiptent</code>.
It depends on the amount of other allocations in so called “vmalloc”
memory area and constitutes about <code>250000</code> entries.
Violation of this restriction may cause failures of operations with
IP packet filter tables (execution of <code>iptables(8)</code>)
in any Virtual Environment or the host system,
or failures of Virtual Environment starts.
Also, large <code>numiptent</code> cause considerable slowdown of processing
of network packets. It is not recommended to allow Virtual Environments
to create more than 200–300 <code>numiptent</code>.
