xref: /freebsd/usr.bin/rctl/rctl.8 (revision 85a2f1b4f240d671dbc127daf344f75ca00cbe2e)

.\"-
.\" Copyright (c) 2009 Edward Tomasz Napierala
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 14, 2011
.Dt RCTL 8
.Os
.Sh NAME
.Nm rctl
.Nd display and update resource limits database
.Sh SYNOPSIS
.Nm
.Op Fl h
.Op Fl n
.Op Ar filter
.Nm
.Fl a
.Op Ar rule
.Nm
.Op Fl h
.Op Fl n
.Fl l
.Op Ar filter
.Nm
.Fl r
.Op Ar filter
.Nm
.Op Fl h
.Fl u
.Op Ar filter
.Sh DESCRIPTION
When called without options, the
.Nm
command writes currently defined RCTL rules to standard output.
.Pp
If a
.Ar filter
argument is specified, only rules matching the filter are displayed.
The options are as follows:
.Bl -tag -width indent
.It Fl a Ar rule
Add
.Ar rule
to the RCTL database.
.It Fl l Ar filter
Display rules applicable to the process defined by
.Ar filter .
.It Fl r Ar filter
Remove rules matching
.Ar filter
from the RCTL database.
.It Fl u Ar filter
Display resource usage for a subject (process, user, login class
or jail) matching the
.Ar filter .
.It Fl h
"Human-readable" output.
Use unit suffixes: Byte, Kilobyte, Megabyte,
Gigabyte, Terabyte and Petabyte.
.It Fl n
Display user IDs numerically rather than converting them to a user name.
.El
.Sh RULE SYNTAX
Syntax for a rule is subject:subject-id:resource:action=amount/per.
.Pp
Subject defines the kind of entity the rule applies to.
It can be either process, user, login class, or jail.
.Pp
Subject ID identifies the subject.  It can be user name,
numerical user ID, login class name, or jail name.
.Pp
Resource identifies the resource the rule controls.
.Pp
Action defines what will happen when a process exceeds the allowed amount.
.Pp
Amount defines how much of the resource a process can use before
the defined action triggers.
.Pp
The per field defines what entity the amount gets accounted for.
For example, rule "loginclass:users:vmem:deny=100M/process" means
that each process of any user belonging to login class "users" may allocate
up to 100MB of virtual memory.
Rule "loginclass:users:vmem:deny=100M/user" would mean that for each
user belonging to the login class "users", the sum of virtual memory allocated
by all the processes of that user will not exceed 100MB.
Rule "loginclass:users:vmem:deny=100M/loginclass" would mean that the sum of
virtual memory allocated by all processes of all users belonging to that login
class will not exceed 100MB.
.Pp
Valid rule has all those fields specified, except for the per, which defaults
to the value of subject.
.Pp
A filter is a rule for which one of more fields other than per is left empty.
For example, a filter that matches every rule could be written as ":::=/",
or, in short, ":".
A filter that matches all the login classes would be "loginclass:".
A filter that matches all defined rules for nproc resource would be
"::nproc".
.Pp
.Sh RESOURCES
.Bl -column -offset 3n "pseudoterminals"
.It cputime		CPU time, in seconds
.It datasize		data size, in bytes
.It stacksize		stack size, in bytes
.It coredumpsize	core dump size, in bytes
.It memoryuse		resident set size, in bytes
.It memorylocked	locked memory, in bytes
.It maxproc		number of processes
.It openfiles		file descriptor table size
.It vmemoryuse		address space limit, in bytes
.It pseudoterminals	number of PTYs
.It swapuse		swap usage, in bytes
.It nthr		number of threads
.It msgqqueued		number of queued SysV messages
.It msgqsize		SysV message queue size, in bytes
.It nmsgq		number of SysV message queues
.It nsem		number of SysV semaphores
.It nsemop		number of SysV semaphores modified in a single semop(2) call
.It nshm		number of SysV shared memory segments
.It shmsize		SysV shared memory size, in bytes
.It wallclock		wallclock time, in seconds
.El
.Pp
.Sh ACTIONS
.Bl -column -offset 3n "pseudoterminals"
.It deny	deny the allocation; not supported for cpu and wallclock
.It log		log a warning to the console
.It devctl	send notification to
.Xr devd 8
.It sig*	e.g. sigterm; send a signal to the offending process
.El
.Pp
See
.Xr signal 3
for a list of supported signals.
.Pp
Not all actions are supported for all resources.
Attempt to add rule with action not supported by a given resouce will result
in error.
.Pp
Note that limiting RSS may kill the machine due to thrashing.
.Pp
.Sh EXIT STATUS
.Ex -std
.Sh EXAMPLES
.Dl rctl -a user:joe:vmemoryuse:deny=1g
.Pp
Prevent user "joe" from allocating more than 1GB of virtual memory.
.Pp
.Dl rctl -r :
.Pp
Remove all RCTL rules.
.Pp
.Dl rctl -hu jail:www
.Pp
Display resource usage information for jail named "www".
.Pp
.Dl rctl -l process:512
.Pp
Display all the rules applicable to process with PID 512.
.Sh SEE ALSO
.Xr rctl.conf 5 ,
.Xr jailstat 8 ,
.Xr userstat 8
.Sh HISTORY
The
.Nm
command appeared in
.Fx 9.0.
.Sh AUTHORS
.An -nosplit
The
.Nm
command was written by
.An Edward Tomasz Napierala Aq trasz@FreeBSD.org .