Although zones have a parameter zone.max-lwps, there isn''t a good way
to cap the number of processes that a zone can have. Someone else came up with
an idea: use DTrace to achieve something similar by killing off the process that
tried to create the MAX+1 process. I filled in some details resulting in this
DTrace script:
#! dtrace
fbt::zone_uniqid:entry
{
pcount[zonename]=0;
trace(zonename);
}
proc:::create
/zonename != "global"/
{
pcount[zonename]++;
trace(pcount[zonename]);
}
proc:::create
/zonename != "global" && pcount[zonename]>500 &&
uid != 0/
{ trace("killing proc"); raise(9); }
proc:::exit
/zonename != "global"/
{ pcount[zonename]--; trace(pcount[zonename]);}
It would be much nicer if the "proc:::create" didn''t kill off
the parent process, but instead caused the process-creation to fail.
Is it possible for DTrace to affect the path of execution, effectively causing
the fork() to fail, instead of just killing the parent?
This message posted from opensolaris.org