Re: POSIX shared memory, jails, and (lack of) limits

From: Michael Gmelin <freebsd_at_grem.de>
Date: Fri, 06 Aug 2021 15:53:34 UTC

On Mon, 2 Aug 2021 22:38:54 +0200
Michael Gmelin <freebsd@grem.de> wrote:

> > On 2. Aug 2021, at 21:40, Mark Johnston <markj@freebsd.org> wrote:
> >  ...
> > racct/rctl provides the "swapuse" resource which should account for
> > this.  It does not apply to largepage objects, though.  
> 
> I tried to limit swapuse for a jail and it doesn’t limit posix shared
> memory created within the jail (I can still create shared memory
> segments within the jail until the machine runs out of virtual
> memory).
> 
> Should I share the test case to make sure I didn’t mess up?

See a stripped down example below (originally I did this in a proper
jail).

Cheers
Michael
(resent, originally off-list)

cat >/tmp/shmtest.c<<EOF
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>

#define SEG_LEN 1024*1024*10

int main(int argc, char** argv) {
  int fd = shm_open(argv[1], O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
  ftruncate(fd, SEG_LEN);
  char* ptr = mmap(NULL, SEG_LEN, 
    PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
  memset(ptr, 0xff, SEG_LEN);
}
EOF

cc -o /tmp/shmtest /tmp/shmtest.c

rctl -a jail:test:vmemoryuse:deny=500M
rctl -a jail:test:memoryuse:deny=400M
rctl -a jail:test:swapuse:deny=200M

jail -c path=/ name=test \
  command=sh -c 'for name in $(jot 1000); do /tmp/shmtest /$name; done'


-- 
Michael Gmelin