sys_attrs_proc(5)sys_attrs_proc(5)NAMEsys_attrs_proc - system attributes for the proc kernel subsystem
DESCRIPTION
This reference page describes system attributes for the Process (proc)
kernel subsystem. See sys_attrs(5) for an introduction to system
attributes.
Do not edit the system configuration file to directly change the value
of system parameters; use the dxkerneltuner application, the
/sbin/sysconfig -r command, or the sysconfigdb command to make such
changes. See dxkerneltuner(8), sysconfig(8), and sysconfigdb(8) for
more information about your options for configuring kernel subsystems.
Attributes whose names are preceded by an asterisk(*) can be modified
at run time.
A value that enables (1) or disables (0) the ability of applica‐
tions that use more than 600 seconds of CPU time to automati‐
cally increase their nice values (that is, lower their schedul‐
ing priorities).
Default value: 0 (disabled)
The nice value that is assigned to a process after it has used
an amount of CPU time that exceeds the value of the auton‐
ice_time attribute.
Default value: 4
Minimum value: 0
Maximum value: 20
The amount of CPU time, in seconds, that a process can use
before it is assigned the nice value that is specified by the
autonice_penalty attribute.
Default value: 600 (seconds)
Minimum value: 0
Maximum value: 86,400
A value that enables (1) or disables (0) the ability of user
processes to create core dumps. If disabled (0), this attribute
can prevent some denial-of-service attacks that are possible if
the core file and the directory where it is written are inade‐
quately protected and a privileged user is running the program.
By default, many applications dump core files to the directory
from which the user invoked the program. If a privileged user
invoked such a program from a world-writeable directory, such as
/tmp, the /tmp/core pathname could be spoofed into creating or
overwriting a file in a privileged location.
Default value: 1 (enabled)
Because core files provide important debugging information to
application maintainers, it is recommended that this attribute
be set to 0 (disabled) only if the system is subject to denial-
of-service attacks.
This attribute can be modified at run time.
Note that programs can control the location of core files by
using the setsysinfo() call with an SSI_COREDIR request. See
setsysinfo(2) for more information.
A value that enables (1) or disables (0) the ability of applica‐
tions running in setuid/setgid mode to dump core.
Default value: 0 (disabled)
Core dumps from processes of applications running in setuid/set‐
gid mode can contain sensitive information that might be used to
compromise system security. It is recommended that this
attribute be set to 1 (enabled) only for purposes of application
debugging and then returned to 0 (the default) after the appli‐
cation is debugged.
This attribute can be modified at run time.
The maximum number of unique core files that a program can cre‐
ate on a host system.
Default value: 16 (files)
Minimum value: 1
Maximum value: 99,999
This attribute can be modified at run time.
A value that enables (1) or disables (0) creation of multiple
versions of core files. If this attribute is set to 0, an
existing core file will be overwritten when a new one is cre‐
ated.
Default value: 0 (disabled)
This attribute can be modified at run time.
A value that enables (1) or disables (0) a limit on the number
of arguments that a command can have when it executes. When
exec_disable_arg_limit is set to one, there is no limit on the
number of command arguments other than a memory restriction
imposed by the user program stack size.
Default value: 0 (hard limit enforced)
This attribute can be modified at run time. It is recommended
that you set exec_disable_arg_limit to 1. The default value is
in place because industry standards currently require not only
that a hard limit be accessible to any programs executing a com‐
mand but also that an error be returned to the program when this
limit is reached. When exec_disable_arg_limit is set to 1, the
operating system does not return an error because there is no
hard limit to enforce. Most programs that conform to industry
standards will continue to execute correctly if this error is
not returned.
A dynamic value that controls the allocation of memory with both
write and execute privileges in order to reduce privileged
process vulnerability to buffer overflow exploits. All pro‐
cesses may allocate writable and executable memory.
Default value: 0 (disabled)
Minimum value: 0
Maximum value: 53
Caution
Before changing executable_data from the default value of 0, you
must run the /usr/sbin/javaexecutedata script. Otherwise, privi‐
leged java applications will fail in unpredictable ways.
This attribute can be set to only one of five values. The fol‐
lowing list shows the five values and describes what happens
when a process executing as root or a process running a setuid
application requests writeable, executable memory: The request
succeeds, and the process may allocate writeable and executable
memory. The request succeeds, but the process receives only
writeable memory. No message is generated. This is the recom‐
mended value. The request fails with an EACCES status. No mes‐
sage is generated. The request succeeds, but the process
receives only writeable memory. A message is generated. The
request fails with an EACCES status, and a message is generated.
A value that allows (1) or disallows (0) execute privilege on
the user program stack for programs that would otherwise have
this privilege. Disallowing execute privilege on the user pro‐
gram stack enhances system security but does not affect normal
programs.
Default value: 0 (disallowed)
This attribute can be modified at run time. Although certain
applications may require the program stack to be executable, it
is strongly recommended that you set executable_stack to 1 only
on systems (such as those behind firewalls) that are not vulner‐
able to security violations.
A value that enables (1) or disables (0) booting the priority of
processes that have recently awakened from a block I/O opera‐
tion. Setting this attribute to 1 reduces I/O latency and may
make the system more responsive.
Default value: 1 (enabled)
Maximum amount, in bytes, of user process address space.
Default value: 4,294,967,296 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum size, in bytes, of a data segment for each process.
Default value: 1,073,741,824 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum size, in bytes, of a user process stack.
Default value: 33,554,432 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Maximum number of processes (tasks) that a user can create.
(The superuser is not affected.)
Default value: 256 (processes)
Minimum value: 0
Maximum value: 524,287
If you specify 0 for this attribute, the system does not check
how many processes a user creates.
Maximum limit of threads a user can create. (The superuser is
not affected.)
Default value: 1024 (threads)
Minimum value: 0
Maximum value: LONG_MAX
If you specify 0 for this attribute, the system does not check
how many threads a user creates.
Number of simultaneous users that a system can support without
straining system resources. System algorithms use the maxusers
value to size various system data structures and to determine
the amount of space allocated to system tables, such as the sys‐
tem process table.
Default value: System dependent
Minimum value: 8 (users)
Maximum value: 16,384
Increasing the value of the maxusers attribute allocates more
system resources to the kernel. However, it also increases the
amount of physical memory consumed by the kernel. Changing the
value of the maxusers attribute automatically adjusts the values
of other attributes, including the taskmax, threadmax, and
min_free_vnodes attributes if you have not explicitly overridden
the default values for those attributes.
The maxusers value can be increased at run time. It can be
decreased only at boot time.
Minimum amount of memory that can be used for timeout tables.
The value of this attribute is automatically adjusted.
Do not modify the default setting for this attribute unless
instructed to do so by support personnel or by patch kit docu‐
mentation.
The number of callout tables. This number determines the size of
the hash table for timeout queues.
Default value: The number of process slots divided by 32
Do not modify the default setting for this attribute unless
instructed to do so by support personnel or by patch kit docu‐
mentation. The size of the hash table for the wait queue.
Default value: The number of process slots divided by 32
Minimum value: 64
Maximum value: 262,143
Hard limit for the number of file descriptors for each process.
Default value: The value of OPEN_MAX_SYSTEM, which is 4096 (file
descriptors)
Minimum value: 0
Maximum value: 65,536
If the number of file descriptors reaches the value of the
open_max_hard attribute or higher, the process is stopped. The
value for this limit can be increased only in a program. Use the
getdtablesize() system call to obtain the total number of file
descriptors in a process' descriptor table. You can determine
the current open_max_hard limit by using the getrlimit() system
call and increase the hard limit for a process by using the set‐
sysinfo() function with the SSI_FD_NEWMAX option.
The soft limit for the number of file descriptors for a process.
Default value: The 4096 (file descriptors)
Minimum value: 0
Maximum value: open_max_hard
When the open_max_soft limit is reached, a warning message is
issued. Use the getdtablesize() system call to obtain the total
number of file descriptors in a process' descriptor table. You
can determine the open_max_hard and open_max_soft limits by
using the getrlimit() system call and increase the soft limit
for a process up to its hard limit by using the setrlimit()
system call.
The maximum amount, in bytes, of user process address space.
Default value: 4,294,967,296 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
Current maximum size, in bytes, of a data segment for each
process.
Default value: 134,217,728 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
The maximum size, in bytes, of a user process stack.
Default value: 8,388,608 (bytes)
Minimum value: 0
Maximum value: 4,398,046,511,104
A value that determines (per second of CPU time) the number of
context switches that can occur between processes with the same
priority and the timeslice allotted to each process.
Default value: 0 (100 context switches per second)
Minimum value: 0
Maximum value: hz
The system uses the following formula to compute timeslice:
timeslice = hz / number_context_switches
The hz value is the timer interrupt frequency (hertz) for one
second of CPU time. This value is dependent on hardware and is
typically 1024 or 1200. (To determine the hz value on a particu‐
lar system, programmers can use the getsysinfo() call with
GSI_CLK_TCK as the op parameter.)
If round_robin_switch_rate is either 0 (zero) or greater than
hz, the system uses 100 for number_context_switches. For exam‐
ple, if hz is 1024, the resulting timeslice is 10 milliseconds,
and if hz is 1200, the resulting timeslice is 12 milliseconds:
timeslice = 1024 / 100 = 10
timeslice = 1200 / 100 = 12
If round_robin_switch_rate is greater than zero and less than or
equal to hz, then number_context_switches is set to
round_robin_switch_rate. For example, changing
round_robin_switch_rate from 0 to 20 decreases the number of
context switches and increases timeslice by a factor of five:
timeslice = 1024 / 20 = 51
timeslice = 1200 / 20 = 60
Context switching carries a certain amount of CPU overhead. If a
CPU consistently handles many large jobs that do not complete
quickly, a larger timeslice (and fewer context switches) may
improve throughput. However, the tradeoff is reduced response
time for any interactive processes that the CPU handles.
Time, in clock ticks, that a thread must remain idle on a multi‐
processor system before it is eligible to migrate to another
processor.
Default value: 0 (clock ticks)
Minimum value: 0
Maximum value: INT_MAX
This attribute is used to tune the soft affinity algorithm on
multiprocessor systems. Soft affinity enables a process to stay
where it last ran, and thereby optimize its use of any data or
instructions that it had brought into cache memory. The
sched_min_idle attribute is used only on multiprocessor systems;
it has no effect on single-CPU systems.
SEE ALSO
Commands: dxkerneltuner(8), sysconfig(8), sysconfigdb(8)
Others: sys_attrs(5)
System Configuration and Tuning
sys_attrs_proc(5)