Changes

UBC auxiliary parameters

260 bytes removed, 10:40, 11 March 2008
m
Robot: Automated text replacement (-Virtual Environment +container)
Another example. Each object such as opened file or established network
connection consume certain resources. When the Virtual Environmentcontainer
is close to exhaustion of the resources allowed to him, it is
usually better to refuse creation of new object than to allow it but deny
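Review bot: the sentence "is close to exhaustion of the resources allowed to him" still uses the pronoun "him" for what the replaced term now calls a container. A term-only substitution will not catch this, so a follow-up manual edit should change it to "the resources allowed to it".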
<li>
These parameters improve fault isolation between applications in the
same Virtual Environmentcontainer. Failures or misbehavior of one applicationinside a Virtual Environment container is more likely to cause hitting a
limit on some auxiliary parameter and normal termination of this mis-
behaving application, rather than abnormal termination of some other
long-running application inside the same Virtual Environmentcontainer.
</li>
<li>
These parameters may be used to impose some administrative limits
on the Virtual Environment container (for example, to not allow the user to run
database servers by limiting the amount of [[shmpages]], or limiting the
number of simultaneous shell sessions through [[numpty]]).
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environmentscontainers.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment container only.
== shmpages ==
The <code>barrier</code> should be set equal to the <code>limit</code>.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environmentscontainers.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment container only.
== physpages ==
Total number of RAM pages used by processes in this Virtual Environmentcontainer.
For memory pages used by several different Virtual Environments containers (mappings of
shared libraries, for example), only a fraction of a page is charged to each
Virtual Environmentcontainer.The sum of the <code>physpages</code> usage for all Virtual Environmentscontainers
corresponds to the total number of pages used in the system by all
Virtual Environmentscontainers.
<code>Physpages</code> is an accounting-only parameter currently.
The <code>barrier</code> should be set equal to the <code>limit</code>.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environmentscontainers.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment container only.
== numflock ==
The <code>barrier</code> should be set equal to the <code>limit</code>.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environmentscontainers.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment container only.
However, in OpenVZ systems, the actual number of pseudo-terminals allowed
for one Virtual Environment container is limited to <code>256</code>.
== numsiginfo ==
to <code>1024</code> for the whole system.
In OpenVZ installations, <code>numsiginfo</code> limit applies to each
Virtual Environment container individually.
The <code>barrier</code> should be set equal to the <code>limit</code>.
Very high settings of the <code>limit</code> of this parameter may reduce
responsiveness of the system.
It is unlikely that any Virtual Environment container will need the limit greater than
the Linux default — <code>1024</code>.
[[UBC configuration examples]].
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between Virtual Environmentscontainers.
Its configuration affects functionality and resource shortage reaction
of applications in the given Virtual Environment container only.
== numiptent ==
Violation of this restriction may cause failures of operations with
IP packet filter tables (execution of <code>iptables(8)</code>)
in any Virtual Environment container or the host system,or failures of Virtual Environment container starts.
Also, large <code>numiptent</code> cause considerable slowdown of processing
of network packets. It is not recommended to allow Virtual Environmentscontainers
to create more than 200–300 <code>numiptent</code>.
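Review bot: in the numiptent paragraph the substituted wording "failures of ... container starts" reads awkwardly after the rename and should be reworded by hand, for example "or containers failing to start". The neighbouring "large numiptent cause" also has an agreement error that is worth fixing in the same pass.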