Problem with configuring rctl.conf

I have set the following in /etc/rctl.conf:
Code:
user:snurg:memoryuse:deny=10g/user
user:snurg:vmemoryuse:deny=10g/user
user:snurg:swapuse:deny=10g/user
user:snurg:shmsize:deny=10g/user
user:snurg:datasize:deny=10g/user
user:snurg:stacksize:deny=10g/user
However, when verifying that after reboot, rctl -hu user:snurg lists all resources mentioned in rctl() with zero values.
The setting kern.racct.enable=1 in /boot/loader.conf is present.

Thus it looks to me as if for some reason the contents of /etc/rctl.conf are being ignored.
I looked into /var/log/messages, but there is no unusual message which could hint at a problem.

What could I have done wrong?
 
Further exploration with swapstresser shows that the memory limit is being respected.
The rctl command shown above does not display the limits being set in /etc/rctl.conf, but the actual statistics.
So this "problem" was just a misunderstanding on my behalf when interpreting the documentation.
And, what I apparently also misunderstood: I interpreted the documentation in the way, that these limits would be per process.
But it seems that the memory usage is indeed per user:) *thumbsup*
 
It's usually per login session though I can't comment on all settings because it's been a while for me.

But if you limit the maximum amount of processes (for example: setting it to two so that users can start their login shell and at most one extra program (like an editor)) then these limits won't re-apply if the user logs on again. The can actually log on again even though they would basically have 3 processes then (two login shells and one editor).

That might also be something to keep in mind.
 
As I ran multiple text consoles, where the user had to log in each, I guess it has been multiple login sessions.
So my impression is that some setting of these listed above are per user, all login sessions combined.
However I am not sure yet which setting regards malloc()-allocated memory...

The reason why I asked that question is that I want to run my desktop safely with swap disabled, which is discussed in more detail in this and the following posts.
 
Easily found out. Just limit the user to a very small amount of memory and have it do something which gobbles up a lot more. Editing a large file or maybe even starting X.
 
Back
Top