unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



sys_attrs_proc(5)					    sys_attrs_proc(5)
Patchkit 5							   Patchkit 5



NAME

  sys_attrs_proc - system attributes for the proc kernel subsystem

DESCRIPTION

  This reference page describes	system attributes for the Process (proc) ker-
  nel subsystem. See sys_attrs(5) for an introduction to system	attributes.

  Do not edit the system configuration file to directly	change the value of
  system parameters; use the dxkerneltuner application,	the /sbin/sysconfig
  -r command, or the sysconfigdb command to make such changes.	See dxkernel-
  tuner(8), sysconfig(8), and sysconfigdb(8) for more information about	your
  options for configuring kernel subsystems.

  Attributes whose names are preceded by an asterisk(*)	can be modified	at
  run time.



  autonice
      A	value that enables (1) or disables (0) the ability of applications
      that use more than 600 seconds of	CPU time to automatically increase
      their nice values	(that is, lower	their scheduling priorities).

      Default value: 0 (disabled)



  autonice_penalty
      The nice value that is assigned to a process after it has	used an
      amount of	CPU time that  exceeds the value of the	autonice_time attri-
      bute.

      Default value: 4

      Minimum value: 0

      Maximum value: 20



  autonice_time
      The amount of CPU	time, in seconds, that a process can use before	it is
      assigned the nice	value that is specified	by the autonice_penalty
      attribute.

      Default value: 600 (seconds)

      Minimum value: 0

      Maximum value: 86,400



  * dump_cores
      A	value that enables (1) or disables (0) the ability of user processes
      to create	core dumps. If disabled	(0), this attribute can	prevent	some
      denial-of-service	attacks	that are possible if the core file and the
      directory	where it is written are	inadequately protected and a
      privileged user is running the program. By default, many applications
      dump core	files to the directory from which the user invoked the pro-
      gram. If a privileged user invoked such a	program	from a world-
      writeable	directory, such	as /tmp, the /tmp/core pathname	could be
      spoofed into creating or overwriting a file in a privileged location.

      Default value: 1 (enabled)

      Because core files provide important debugging information to applica-
      tion maintainers,	it is recommended that this attribute be set to	0
      (disabled) only if the system is subject to denial-of-service attacks.

      This attribute can be modified at	run time.

      Note that	programs can control the location of core files	by using the
      setsysinfo() call	with an	SSI_COREDIR request. See setsysinfo(2) for
      more information.



  * dump_setugid_cores
      A	value that enables (1) or disables (0) the ability of applications
      running in setuid/setgid mode to dump core.

      Default value: 0 (disabled)

      Core dumps from processes	of applications	running	in setuid/setgid mode
      can contain sensitive information	that might be used to compromise sys-
      tem security. It is recommended that this	attribute be set to 1
      (enabled)	only for purposes of application debugging and then returned
      to 0 (the	default) after the application is debugged.

      This attribute can be modified at	run time.



  * enhanced_core_max_versions
      The maximum number of unique core	files that a program can create	on a
      host system.

      Default value: 16	(files)

      Minimum value: 1

      Maximum value: 99,999

      This attribute can be modified at	run time.



  * enhanced_core_name
      A	value that enables (1) or disables (0) creation	of multiple versions
      of core files.  If this attribute	is set to 0, an	existing core file
      will be overwritten when a new one is created.

      Default value: 0 (disabled)

      This attribute can be modified at	run time.



  * exec_disable_arg_limit
      A	value that enables (1) or disables (0) a limit on the number of	argu-
      ments that a command can have when it executes. When
      exec_disable_arg_limit is	set to one, there is no	limit on the number
      of command arguments other than a	memory restriction imposed by the
      user program stack size.

      Default value: 0 (hard limit enforced)

      This attribute can be modified at	run time. It is	recommended that you
      set exec_disable_arg_limit to 1. The default value is in place because
      industry standards currently require not only that a hard	limit be
      accessible to any	programs executing a command but also that an error
      be returned to the program when this limit is reached. When
      exec_disable_arg_limit is	set to 1, the operating	system does not
      return an	error because there is no hard limit to	enforce. Most pro-
      grams that conform to industry standards will continue to	execute
      correctly	if this	error is not returned.



  * executable_data
      A	dynamic	value that controls the	allocation of memory with both write
      and execute privileges in	order to reduce	privileged process vulnera-
      bility to	buffer overflow	exploits.  All processes may allocate writ-
      able and executable memory.

      Default value: 0 (disabled)

      Minimum value: 0

      Maximum value: 53


				      Caution

	 Before	changing executable_data from the default value	of 0, you
	 must run the /usr/sbin/javaexecutedata	script.	Otherwise, privileged
	 java applications will	fail in	unpredictable ways.

      This attribute can be set	to only	one of five values. The	following
      list shows the five values and describes what happens when a process
      executing	as root	or a process running a setuid application requests
      writeable, executable memory:

      0	  The request succeeds,	and the	process	may allocate writeable and
	  executable memory.

      5	  The request succeeds,	but the	process	receives only writeable
	  memory. No message is	generated. This	is the recommended value.

      21  The request fails with an EACCES status. No message is generated.

      37  The request succeeds,	but the	process	receives only writeable
	  memory. A message is generated.

      53  The request fails with an EACCES status, and a message is gen-
	  erated.



  * executable_stack
      A	value that allows (1) or disallows (0) execute privilege on the	user
      program stack for	programs that would otherwise have this	privilege.
      Disallowing execute privilege on the user	program	stack enhances system
      security but does	not affect normal programs.

      Default value: 0 (disallowed)

      This attribute can be modified at	run time. Although certain applica-
      tions may	require	the program stack to be	executable, it is strongly
      recommended that you set executable_stack	to 1 only on systems (such as
      those behind firewalls) that are not vulnerable to security violations.



  give_boost
      A	value that enables (1) or disables (0) booting the priority of
      processes	that have recently awakened from a block I/O operation.	Set-
      ting this	attribute to 1 reduces I/O latency and may make	the system
      more responsive.

      Default value: 1 (enabled)



  max_per_proc_address_space
      Maximum amount, in bytes,	of user	process	address	space.

      Default value: 4,294,967,296 (bytes)

      Minimum value: 0

      Maximum value: 4,398,046,511,104



  max_per_proc_data_size
      Maximum size, in bytes, of a data	segment	for each process.

      Default value:  1,073,741,824 (bytes)

      Minimum value: 0

      Maximum value:  4,398,046,511,104



  max_per_proc_stack_size
      Maximum size, in bytes, of a user	process	stack.

      Default value: 33,554,432	(bytes)

      Minimum value: 0

      Maximum value: 4,398,046,511,104



  max_proc_per_user
      Maximum number of	processes (tasks) that a user can create.  (The
      superuser	is not affected.)

      Default value: 256 (processes)

      Minimum value: 0

      Maximum value: 524,287

      If you specify 0 for this	attribute, the system does not check how many
      processes	a user creates.



  max_threads_per_user
      Maximum limit of threads a user can create.  (The	superuser is not
      affected.)

      Default value: 1024 (threads)

      Minimum value: 0

      Maximum value: LONG_MAX

      If you specify 0 for this	attribute, the system does not check how many
      threads a	user creates.



  * maxusers
      Number of	simultaneous users that	a system can support without strain-
      ing system resources.  System algorithms use the maxusers	value to size
      various system data structures and to determine the amount of space
      allocated	to system tables, such as the system process table.

      Default value: System dependent

      Minimum value: 8 (users)

      Maximum value: 16,384

      Increasing the value of the maxusers attribute allocates more system
      resources	to the kernel.	However, it also increases the amount of phy-
      sical memory consumed by the kernel. Changing the	value of the maxusers
      attribute	automatically adjusts the values of other attributes, includ-
      ing the taskmax, threadmax, and min_free_vnodes attributes if you	have
      not explicitly overridden	the default values for those attributes.

      The maxusers value can be	increased at run time.	It can be decreased
      only at boot time.



  ncallout_alloc_size
      Minimum amount of	memory that can	be used	for timeout tables. The	value
      of this attribute	is automatically adjusted.

      Do not modify the	default	setting	for this attribute unless instructed
      to do so by support personnel or by patch	kit documentation.



  num_timeout_hash_queues
      The number of callout tables. This number	determines the size of the
      hash table for timeout queues.

      Default value: The number	of process slots divided by 32

      Do not modify the	default	setting	for this attribute unless instructed
      to do so by support personnel or by patch	kit documentation.

  num_wait_queues
      The size of the hash table for the wait queue.

      Default value: The number	of process slots divided by 32

      Minimum value: 64

      Maximum value: 262,143



  open_max_hard
      Hard limit for the number	of file	descriptors for	each process.

      Default value: The value of OPEN_MAX_SYSTEM, which is 4096 (file
      descriptors)

      Minimum value: 0

      Maximum value: 65,536

      If the number of file descriptors	reaches	the value of the
      open_max_hard attribute or higher, the process is	stopped. The value
      for this limit can be increased only in a	program. Use the getdta-
      blesize()	system call to obtain the total	number of file descriptors in
      a	process' descriptor table. You can determine the current
      open_max_hard limit by using the getrlimit() system call and increase
      the hard limit for a process by using the	setsysinfo() function with
      the SSI_FD_NEWMAX	option.



  open_max_soft
      The soft limit for the number of file descriptors	for a process.

      Default value: The 4096 (file descriptors)

      Minimum value: 0

      Maximum value: open_max_hard

      When the open_max_soft limit is reached, a warning message is issued.
      Use the getdtablesize() system call to obtain the	total number of	file
      descriptors in a process'	descriptor table.  You can determine the
      open_max_hard and	open_max_soft limits by	using the getrlimit() system
      call and increase	the soft limit for a process up	to its hard limit  by
      using the	setrlimit() system call.



  per_proc_address_space
      The maximum amount, in bytes, of user process address space.

      Default value: 4,294,967,296 (bytes)

      Minimum value: 0

      Maximum value: 4,398,046,511,104



  per_proc_data_size
      Current maximum size, in bytes, of a data	segment	for each process.

      Default value: 134,217,728 (bytes)

      Minimum value: 0

      Maximum value: 4,398,046,511,104



  per_proc_stack_size
      The maximum size,	in bytes, of a user process stack.

      Default value: 8,388,608 (bytes)

      Minimum value: 0

      Maximum value: 4,398,046,511,104



  round_robin_switch_rate
      A	value that determines (per second of CPU time) the number of context
      switches that can	occur between processes	with the same priority and
      the timeslice allotted to	each process.

      Default value: 0 (100 context switches per second)

      Minimum value: 0

      Maximum value: hz

      The system uses the following formula to compute timeslice:

      timeslice	= hz / number_context_switches

      The hz value is the timer	interrupt frequency (hertz) for	one second of
      CPU time.	 This value is dependent on hardware and is typically 1024 or
      1200. (To	determine the hz value on a particular system, programmers
      can use the getsysinfo() call with GSI_CLK_TCK as	the op parameter.)

      If round_robin_switch_rate is either 0 (zero) or greater than hz,	the
      system uses 100 for number_context_switches. For example,	if hz is
      1024, the	resulting timeslice is 10 milliseconds,	and if hz is 1200,
      the resulting timeslice is 12 milliseconds:

      timeslice	= 1024 / 100 = 10

      timeslice	= 1200 / 100 = 12

      If round_robin_switch_rate is greater than zero and less than or equal
      to hz, then number_context_switches is set to round_robin_switch_rate.
      For example, changing round_robin_switch_rate from 0 to 20 decreases
      the number of context switches and increases timeslice by	a factor of
      five:

      timeslice	= 1024 / 20 = 51

      timeslice	= 1200 / 20 = 60

      Context switching	carries	a certain amount of CPU	overhead. If a CPU
      consistently handles many	large jobs that	do not complete	quickly, a
      larger timeslice (and fewer context switches) may	improve	throughput.
      However, the tradeoff is reduced response	time for any interactive
      processes	that the CPU handles.



  sched_min_idle
      Time, in clock ticks, that a thread must remain idle on a	multiproces-
      sor system before	it is eligible to migrate to another processor.

      Default value: 0 (clock ticks)

      Minimum value: 0

      Maximum value: INT_MAX

      This attribute is	used to	tune the soft affinity algorithm on multipro-
      cessor systems. Soft affinity enables a process to stay where it last
      ran, and thereby optimize	its use	of any data or instructions that it
      had brought into cache memory. The sched_min_idle	attribute is used
      only on multiprocessor systems; it has no	effect on single-CPU systems.

SEE ALSO

  Commands: dxkerneltuner(8), sysconfig(8), sysconfigdb(8)

  Others: sys_attrs(5)

  System Configuration and Tuning