xref: /freebsd/usr.bin/rctl/rctl.8 (revision d8c4c8331491d84b38cd2fe22324faf5dd05e1bb)

.\"-
.\" Copyright (c) 2009 Edward Tomasz Napierala
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 16, 2012
.Dt RCTL 8
.Os
.Sh NAME
.Nm rctl
.Nd display and update resource limits database
.Sh SYNOPSIS
.Nm
.Op Fl h
.Op Fl n
.Op Ar filter
.Nm
.Fl a
.Op Ar rule
.Nm
.Op Fl h
.Op Fl n
.Fl l
.Op Ar filter
.Nm
.Fl r
.Op Ar filter
.Nm
.Op Fl h
.Fl u
.Op Ar filter
.Sh DESCRIPTION
When called without options, the
.Nm
command writes currently defined RCTL rules to standard output.
.Pp
If a
.Ar filter
argument is specified, only rules matching the filter are displayed.
The options are as follows:
.Bl -tag -width indent
.It Fl a Ar rule
Add
.Ar rule
to the RCTL database.
.It Fl l Ar filter
Display rules applicable to the process defined by
.Ar filter .
Note that this is different from showing the rules when called without
any options, as it shows not just the rules with subject equal to that
of process, but also rules for the user, jail, and login class applicable
to the process.
.It Fl r Ar filter
Remove rules matching
.Ar filter
from the RCTL database.
.It Fl u Ar filter
Display resource usage for a subject (process, user, login class
or jail) matching the
.Ar filter .
.It Fl h
"Human-readable" output.
Use unit suffixes: Byte, Kilobyte, Megabyte,
Gigabyte, Terabyte and Petabyte.
.It Fl n
Display user IDs numerically rather than converting them to a user name.
.El
.Sh RULE SYNTAX
Syntax for a rule is subject:subject-id:resource:action=amount/per.
.Pp
Subject defines the kind of entity the rule applies to.
It can be either process, user, login class, or jail.
.Pp
Subject ID identifies the subject.
It can be a process ID, user name, numerical user ID, login class name,
or jail name.
.Pp
Resource identifies the resource the rule controls.
.Pp
Action defines what will happen when a process exceeds the allowed amount.
.Pp
Amount defines how much of the resource a process can use before
the defined action triggers.
.Pp
The per field defines what entity the amount gets accounted for.
For example, rule "loginclass:users:vmem:deny=100M/process" means
that each process of any user belonging to login class "users" may allocate
up to 100MB of virtual memory.
Rule "loginclass:users:vmem:deny=100M/user" would mean that for each
user belonging to the login class "users", the sum of virtual memory allocated
by all the processes of that user will not exceed 100MB.
Rule "loginclass:users:vmem:deny=100M/loginclass" would mean that the sum of
virtual memory allocated by all processes of all users belonging to that login
class will not exceed 100MB.
.Pp
Valid rule has all those fields specified, except for the per, which defaults
to the value of subject.
.Pp
A filter is a rule for which one of more fields other than per is left empty.
For example, a filter that matches every rule could be written as ":::=/",
or, in short, ":".
A filter that matches all the login classes would be "loginclass:".
A filter that matches all defined rules for maxproc resource would be
"::maxproc".
.Sh RESOURCES
.Bl -column -offset 3n "pseudoterminals"
.It cputime Ta "CPU time, in seconds"
.It datasize Ta "data size, in bytes"
.It stacksize Ta "stack size, in bytes"
.It coredumpsize Ta "core dump size, in bytes"
.It memoryuse Ta "resident set size, in bytes"
.It memorylocked Ta "locked memory, in bytes"
.It maxproc Ta "number of processes"
.It openfiles Ta "file descriptor table size"
.It vmemoryuse Ta "address space limit, in bytes"
.It pseudoterminals Ta "number of PTYs"
.It swapuse Ta "swap usage, in bytes"
.It nthr Ta "number of threads"
.It msgqqueued Ta "number of queued SysV messages"
.It msgqsize Ta "SysV message queue size, in bytes"
.It nmsgq Ta "number of SysV message queues"
.It nsem Ta "number of SysV semaphores"
.It nsemop Ta "number of SysV semaphores modified in a single semop(2) call"
.It nshm Ta "number of SysV shared memory segments"
.It shmsize Ta "SysV shared memory size, in bytes"
.It wallclock Ta "wallclock time, in seconds"
.El
.Sh ACTIONS
.Bl -column -offset 3n "pseudoterminals"
.It deny Ta "deny the allocation; not supported for cpu and wallclock"
.It log Ta "log a warning to the console"
.It devctl Ta "send notification to"
.Xr devd 8
.It "sig*	e.g. sigterm; send a signal to the offending process"
.El
.Pp
See
.Xr signal 3
for a list of supported signals.
.Pp
Not all actions are supported for all resources.
Attempt to add rule with action not supported by a given resouce will result
in error.
.Pp
Note that limiting RSS may kill the machine due to thrashing.
.Sh EXIT STATUS
.Ex -std
.Sh EXAMPLES
.Dl rctl -a user:joe:vmemoryuse:deny=1g
.Pp
Prevent user "joe" from allocating more than 1GB of virtual memory.
.Pp
.Dl rctl -r :
.Pp
Remove all RCTL rules.
.Pp
.Dl rctl -hu jail:www
.Pp
Display resource usage information for jail named "www".
.Pp
.Dl rctl -l process:512
.Pp
Display all the rules applicable to process with PID 512.
.Sh SEE ALSO
.Xr rctl.conf 5
.Sh HISTORY
The
.Nm
command appeared in
.Fx 9.0 .
.Sh AUTHORS
.An -nosplit
The
.Nm
command was written by
.An Edward Tomasz Napierala Aq trasz@FreeBSD.org .