xref: /freebsd/usr.bin/rctl/rctl.8 (revision 3fc36ee018bb836bd1796067cf4ef8683f166ebc)
1.\"-
2.\" Copyright (c) 2009 Edward Tomasz Napierala
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
18.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
22.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
23.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24.\" POSSIBILITY OF SUCH DAMAGE.
25.\"
26.\" $FreeBSD$
27.\"
28.Dd January 30, 2016
29.Dt RCTL 8
30.Os
31.Sh NAME
32.Nm rctl
33.Nd display and update resource limits database
34.Sh SYNOPSIS
35.Nm
36.Op Fl h
37.Op Fl n
38.Op Ar filter Ar ...
39.Nm
40.Fl a
41.Ar rule Ar ...
42.Nm
43.Fl l
44.Op Fl h
45.Op Fl n
46.Ar filter Ar ...
47.Nm
48.Fl r
49.Ar filter Ar ...
50.Nm
51.Fl u
52.Op Fl h
53.Ar filter Ar ...
54.Pp
55.Nm
56requires the kernel to be compiled with:
57.Bd -ragged -offset indent
58.Cd "options RACCT"
59.Cd "options RCTL"
60.Ed
61.Sh DESCRIPTION
62When called without options, the
63.Nm
64command writes currently defined RCTL rules to standard output.
65.Pp
66If a
67.Ar filter
68argument is specified, only rules matching the filter are displayed.
69The options are as follows:
70.Bl -tag -width indent
71.It Fl a Ar rule
72Add
73.Ar rule
74to the RCTL database.
75.It Fl l Ar filter
76Display rules applicable to the process defined by
77.Ar filter .
78Note that this is different from showing the rules when called without
79any options, as it shows not just the rules with subject equal to that
80of process, but also rules for the user, jail, and login class applicable
81to the process.
82.It Fl r Ar filter
83Remove rules matching
84.Ar filter
85from the RCTL database.
86.It Fl u Ar filter
87Display resource usage for a subject
88.Po
89.Sy process ,
90.Sy user ,
91.Sy loginclass
92or
93.Sy jail
94.Pc
95matching the
96.Ar filter .
97.It Fl h
98"Human-readable" output.
99Use unit suffixes: Byte, Kilobyte, Megabyte,
100Gigabyte, Terabyte and Petabyte.
101.It Fl n
102Display user IDs numerically rather than converting them to a user name.
103.El
104.Pp
105Modifying rules affects all currently running and future processes matching
106the rule.
107.Sh RULE SYNTAX
108Syntax for a rule is subject:subject-id:resource:action=amount/per.
109.Pp
110.Bl -tag -width "subject-id" -compact -offset indent
111.It subject
112defines the kind of entity the rule applies to.
113It can be either
114.Sy process ,
115.Sy user ,
116.Sy loginclass ,
117or
118.Sy jail .
119.It subject-id
120identifies the
121.Em subject .
122It can be a process ID, user name, numerical user ID, login class name from
123.Xr login.conf 5 ,
124or jail name.
125.It resource
126identifies the resource the rule controls.
127See the
128.Sx RESOURCES
129section below for details.
130.It action
131defines what will happen when a process exceeds the allowed
132.Em amount .
133See the
134.Sx ACTIONS
135section below for details.
136.It amount
137defines how much of the resource a process can use before
138the defined
139.Em action
140triggers.
141Resources which limit bytes may use prefixes from
142.Xr expand_number 3 .
143.It per
144defines what entity the
145.Em amount
146gets accounted for.
147For example, rule "loginclass:users:vmem:deny=100M/process" means
148that each process of any user belonging to login class "users" may allocate
149up to 100MB of virtual memory.
150Rule "loginclass:users:vmem:deny=100M/user" would mean that for each
151user belonging to the login class "users", the sum of virtual memory allocated
152by all the processes of that user will not exceed 100MB.
153Rule "loginclass:users:vmem:deny=100M/loginclass" would mean that the sum of
154virtual memory allocated by all processes of all users belonging to that login
155class will not exceed 100MB.
156.El
157.Pp
158A valid rule has all those fields specified, except for
159.Em per ,
160which defaults
161to the value of
162.Em subject .
163.Pp
164A filter is a rule for which one of more fields other than
165.Em per
166is left empty.
167For example, a filter that matches every rule could be written as ":::=/",
168or, in short, ":".
169A filter that matches all the login classes would be "loginclass:".
170A filter that matches all defined rules for
171.Sy maxproc
172resource would be
173"::maxproc".
174.Sh SUBJECTS
175.Bl -column -offset 3n "pseudoterminals" ".Sy username or numerical User ID"
176.It Em subject Ta Em subject-id
177.It Sy process Ta numerical Process ID
178.It Sy user Ta user name or numerical User ID
179.It Sy loginclass Ta login class from
180.Xr login.conf 5
181.It Sy jail Ta jail name
182.El
183.Sh RESOURCES
184.Bl -column -offset 3n "pseudoterminals"
185.It Em resource
186.It Sy cputime Ta "CPU time, in seconds"
187.It Sy datasize Ta "data size, in bytes"
188.It Sy stacksize Ta "stack size, in bytes"
189.It Sy coredumpsize Ta "core dump size, in bytes"
190.It Sy memoryuse Ta "resident set size, in bytes"
191.It Sy memorylocked Ta "locked memory, in bytes"
192.It Sy maxproc Ta "number of processes"
193.It Sy openfiles Ta "file descriptor table size"
194.It Sy vmemoryuse Ta "address space limit, in bytes"
195.It Sy pseudoterminals Ta "number of PTYs"
196.It Sy swapuse Ta "swap space that may be reserved or used, in bytes"
197.It Sy nthr Ta "number of threads"
198.It Sy msgqqueued Ta "number of queued SysV messages"
199.It Sy msgqsize Ta "SysV message queue size, in bytes"
200.It Sy nmsgq Ta "number of SysV message queues"
201.It Sy nsem Ta "number of SysV semaphores"
202.It Sy nsemop Ta "number of SysV semaphores modified in a single semop(2) call"
203.It Sy nshm Ta "number of SysV shared memory segments"
204.It Sy shmsize Ta "SysV shared memory size, in bytes"
205.It Sy wallclock Ta "wallclock time, in seconds"
206.It Sy pcpu Ta "%CPU, in percents of a single CPU core"
207.It Sy readbps Ta "filesystem reads, in bytes per second"
208.It Sy writebps Ta "filesystem writes, in bytes per second"
209.It Sy readiops Ta "filesystem reads, in operations per second"
210.It Sy writeiops Ta "filesystem writes, in operations per second"
211.El
212.Sh ACTIONS
213.Bl -column -offset 3n "pseudoterminals"
214.It Em action
215.It Sy deny Ta deny the allocation; not supported for
216.Sy cputime ,
217.Sy wallclock ,
218.Sy readbps ,
219.Sy writebps ,
220.Sy readiops ,
221and
222.Sy writeiops
223.It Sy log Ta "log a warning to the console"
224.It Sy devctl Ta "send notification to"
225.Xr devd 8
226using
227.Sy system
228= "RCTL",
229.Sy subsystem
230= "rule",
231.Sy type
232= "matched"
233.It sig*	e.g.
234.Sy sigterm ;
235send a signal to the offending process.
236See
237.Xr signal 3
238for a list of supported signals
239.It Sy throttle Ta "slow down process execution"; only supported for
240.Sy readbps ,
241.Sy writebps ,
242.Sy readiops ,
243and
244.Sy writeiops .
245.El
246.Pp
247Not all actions are supported for all resources.
248Attempting to add a rule with an action not supported by a given resource will
249result in error.
250.Sh LOADER TUNABLES
251Tunables can be set at the
252.Xr loader 8
253prompt, or
254.Xr loader.conf 5 .
255.Bl -tag -width indent
256.It Va kern.racct.enable: No 1
257Enable
258.Nm .
259This defaults to 1, unless
260.Cd "options RACCT_DEFAULT_TO_DISABLED"
261is set in the kernel configuration file.
262.El
263.Sh EXIT STATUS
264.Ex -std
265.Sh EXAMPLES
266Prevent user "joe" from allocating more than 1GB of virtual memory:
267.Dl Nm Fl a Ar user:joe:vmemoryuse:deny=1g
268.Pp
269Remove all RCTL rules:
270.Dl Nm Fl r Ar \&:
271.Pp
272Display resource usage information for jail named "www":
273.Dl Nm Fl hu Ar jail:www
274.Pp
275Display all the rules applicable to process with PID 512:
276.Dl Nm Fl l Ar process:512
277.Pp
278Display all rules:
279.Dl Nm
280.Pp
281Display all rules matching user "joe":
282.Dl Nm Ar user:joe
283.Pp
284Display all rules matching login classes:
285.Dl Nm Ar loginclass:
286.Sh SEE ALSO
287.Xr rctl.conf 5
288.Sh HISTORY
289The
290.Nm
291command appeared in
292.Fx 9.0 .
293.Sh AUTHORS
294.An -nosplit
295The
296.Nm
297was developed by
298.An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org
299under sponsorship from the FreeBSD Foundation.
300.Sh BUGS
301Limiting
302.Sy memoryuse
303may kill the machine due to thrashing.
304.Pp
305The
306.Sy readiops
307and
308.Sy writeiops
309counters are only approximations.
310Like
311.Sy readbps
312and
313.Sy writebps ,
314they are calculated in the filesystem layer, where it is difficult
315or even impossible to observe actual disk device operations.
316.Pp
317The
318.Sy writebps
319and
320.Sy writeiops
321resources generally account for writes to the filesystem cache,
322not to actual devices.
323