1.\"- 2.\" Copyright (c) 2009 Edward Tomasz Napierala 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE 18.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24.\" POSSIBILITY OF SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd September 14, 2015 29.Dt RCTL 8 30.Os 31.Sh NAME 32.Nm rctl 33.Nd display and update resource limits database 34.Sh SYNOPSIS 35.Nm 36.Op Fl h 37.Op Fl n 38.Op Ar filter 39.Nm 40.Fl a 41.Op Ar rule 42.Nm 43.Fl l 44.Op Fl h 45.Op Fl n 46.Op Ar filter 47.Nm 48.Fl r 49.Op Ar filter 50.Nm 51.Fl u 52.Op Fl h 53.Op Ar filter 54.Pp 55.Nm 56requires the kernel to be compiled with: 57.Bd -ragged -offset indent 58.Cd "options RACCT" 59.Cd "options RCTL" 60.Ed 61.Sh DESCRIPTION 62When called without options, the 63.Nm 64command writes currently defined RCTL rules to standard output. 65.Pp 66If a 67.Ar filter 68argument is specified, only rules matching the filter are displayed. 69The options are as follows: 70.Bl -tag -width indent 71.It Fl a Ar rule 72Add 73.Ar rule 74to the RCTL database. 75.It Fl l Ar filter 76Display rules applicable to the process defined by 77.Ar filter . 78Note that this is different from showing the rules when called without 79any options, as it shows not just the rules with subject equal to that 80of process, but also rules for the user, jail, and login class applicable 81to the process. 82.It Fl r Ar filter 83Remove rules matching 84.Ar filter 85from the RCTL database. 86.It Fl u Ar filter 87Display resource usage for a subject 88.Po 89.Sy process , 90.Sy user , 91.Sy loginclass 92or 93.Sy jail 94.Pc 95matching the 96.Ar filter . 97.It Fl h 98"Human-readable" output. 99Use unit suffixes: Byte, Kilobyte, Megabyte, 100Gigabyte, Terabyte and Petabyte. 101.It Fl n 102Display user IDs numerically rather than converting them to a user name. 103.El 104.Pp 105Modifying rules affects all currently running and future processes matching 106the rule. 107.Sh RULE SYNTAX 108Syntax for a rule is subject:subject-id:resource:action=amount/per. 109.Pp 110.Bl -tag -width "subject-id" -compact -offset indent 111.It subject 112defines the kind of entity the rule applies to. 113It can be either 114.Sy process , 115.Sy user , 116.Sy loginclass , 117or 118.Sy jail . 119.It subject-id 120identifies the 121.Em subject . 122It can be a process ID, user name, numerical user ID, login class name from 123.Xr login.conf 5 , 124or jail name. 125.It resource 126identifies the resource the rule controls. 127See the 128.Sx RESOURCES 129section below for details. 130.It action 131defines what will happen when a process exceeds the allowed 132.Em amount . 133See the 134.Sx ACTIONS 135section below for details. 136.It amount 137defines how much of the resource a process can use before 138the defined 139.Em action 140triggers. 141Resources which limit bytes may use prefixes from 142.Xr expand_number 3 . 143.It per 144defines what entity the 145.Em amount 146gets accounted for. 147For example, rule "loginclass:users:vmem:deny=100M/process" means 148that each process of any user belonging to login class "users" may allocate 149up to 100MB of virtual memory. 150Rule "loginclass:users:vmem:deny=100M/user" would mean that for each 151user belonging to the login class "users", the sum of virtual memory allocated 152by all the processes of that user will not exceed 100MB. 153Rule "loginclass:users:vmem:deny=100M/loginclass" would mean that the sum of 154virtual memory allocated by all processes of all users belonging to that login 155class will not exceed 100MB. 156.El 157.Pp 158A valid rule has all those fields specified, except for 159.Em per , 160which defaults 161to the value of 162.Em subject . 163.Pp 164A filter is a rule for which one of more fields other than 165.Em per 166is left empty. 167For example, a filter that matches every rule could be written as ":::=/", 168or, in short, ":". 169A filter that matches all the login classes would be "loginclass:". 170A filter that matches all defined rules for 171.Sy maxproc 172resource would be 173"::maxproc". 174.Sh SUBJECTS 175.Bl -column -offset 3n "pseudoterminals" ".Sy username or numerical User ID" 176.It Em subject Ta Em subject-id 177.It Sy process Ta numerical Process ID 178.It Sy user Ta user name or numerical User ID 179.It Sy loginclass Ta login class from 180.Xr login.conf 5 181.It Sy jail Ta jail name 182.El 183.Sh RESOURCES 184.Bl -column -offset 3n "pseudoterminals" 185.It Em resource 186.It Sy cputime Ta "CPU time, in seconds" 187.It Sy datasize Ta "data size, in bytes" 188.It Sy stacksize Ta "stack size, in bytes" 189.It Sy coredumpsize Ta "core dump size, in bytes" 190.It Sy memoryuse Ta "resident set size, in bytes" 191.It Sy memorylocked Ta "locked memory, in bytes" 192.It Sy maxproc Ta "number of processes" 193.It Sy openfiles Ta "file descriptor table size" 194.It Sy vmemoryuse Ta "address space limit, in bytes" 195.It Sy pseudoterminals Ta "number of PTYs" 196.It Sy swapuse Ta "swap space that may be reserved or used, in bytes" 197.It Sy nthr Ta "number of threads" 198.It Sy msgqqueued Ta "number of queued SysV messages" 199.It Sy msgqsize Ta "SysV message queue size, in bytes" 200.It Sy nmsgq Ta "number of SysV message queues" 201.It Sy nsem Ta "number of SysV semaphores" 202.It Sy nsemop Ta "number of SysV semaphores modified in a single semop(2) call" 203.It Sy nshm Ta "number of SysV shared memory segments" 204.It Sy shmsize Ta "SysV shared memory size, in bytes" 205.It Sy wallclock Ta "wallclock time, in seconds" 206.It Sy pcpu Ta "%CPU, in percents of a single CPU core" 207.El 208.Sh ACTIONS 209.Bl -column -offset 3n "pseudoterminals" 210.It Em action 211.It Sy deny Ta deny the allocation; not supported for 212.Sy cputime 213and 214.Sy wallclock 215.It Sy log Ta "log a warning to the console" 216.It Sy devctl Ta "send notification to" 217.Xr devd 8 218using 219.Sy system 220= "RCTL", 221.Sy subsystem 222= "rule", 223.Sy type 224= "matched" 225.It sig* e.g. 226.Sy sigterm ; 227send a signal to the offending process. 228See 229.Xr signal 3 230for a list of supported signals 231.El 232.Pp 233Not all actions are supported for all resources. 234Attempting to add a rule with an action not supported by a given resource will 235result in error. 236.Sh LOADER TUNABLES 237Tunables can be set at the 238.Xr loader 8 239prompt, or 240.Xr loader.conf 5 . 241.Bl -tag -width indent 242.It Va kern.racct.enable: No 1 243Enable 244.Nm . 245This defaults to 1, unless 246.Cd "options RACCT_DEFAULT_TO_DISABLED" 247is set in the kernel configuration file. 248.El 249.Sh EXIT STATUS 250.Ex -std 251.Sh EXAMPLES 252Prevent user "joe" from allocating more than 1GB of virtual memory: 253.Dl Nm Fl a Ar user:joe:vmemoryuse:deny=1g 254.Pp 255Remove all RCTL rules: 256.Dl Nm Fl r Ar \&: 257.Pp 258Display resource usage information for jail named "www": 259.Dl Nm Fl hu Ar jail:www 260.Pp 261Display all the rules applicable to process with PID 512: 262.Dl Nm Fl l Ar process:512 263.Pp 264Display all rules: 265.Dl Nm 266.Pp 267Display all rules matching user "joe": 268.Dl Nm Ar user:joe 269.Pp 270Display all rules matching login classes: 271.Dl Nm Ar loginclass: 272.Sh SEE ALSO 273.Xr rctl.conf 5 274.Sh HISTORY 275The 276.Nm 277command appeared in 278.Fx 9.0 . 279.Sh AUTHORS 280.An -nosplit 281The 282.Nm 283was developed by 284.An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org 285under sponsorship from the FreeBSD Foundation. 286.Sh BUGS 287Limiting 288.Sy memoryuse 289may kill the machine due to thrashing. 290