Edward Tomasz Napierala допилил HRL (RCTL). Судя по вики - выглядит это очень вкусно!
Как-то пропустили эту новость. Решил запостить сюда.
This is what RCTL provides:
1. Resource limits apply to what the system administrator wants them to apply. What the resource limit applies to is determined by the "subject" field of RCTL rule. For example, subject may be "process:1234" or "user:trasz" or "jail:42".
2. Resource limits do what the administrator wants them to do. Action to be taken when the limit gets exceeded is determined by the "action" field of RCTL rule. Example actions are "deny" (which means denying the allocation), "sighup" (which means sending SIGHUP to the offending process) and "log" (which means logging message to the syslog). There may be several rules with the same subject and resource, differing by action - for example, one may set rule so that when the offending process exceeds 500MB of memory, a warning gets logged to the syslog; when it exceeds 1GB of memory, the SIGHUP is sent to the process, and when it exceeds 2GB of memory, it gets killed with SIGKILL.
3. Resource limits are stored as RCTL rules, kind of similar to firewall rules. Rules look like this: "process:613:stacksize:deny=536870912", and may be added and removed by the system administrator at any time. When a rule is added, it is enforced immediately, without the need to restart any process.
Most of the code was merged into FreeBSD 9-CURRENT. To use it, add
to the kernel config file and rebuild your kernel.Код: Выделить всё
options RACCT options RCTL