display and update resource limits database
When called without options, the
writes currently defined RCTL rules to standard output.
If a filter
argument is specified, only rules
matching the filter are displayed. The options are as follows:
- Add rule to the RCTL database.
- Display rules applicable to the process defined by
filter. Note that this is different from
showing the rules when called without any options, as it shows not just
the rules with subject equal to that of process, but also rules for the
user, jail, and login class applicable to the process.
- Remove rules matching filter from the
- Display resource utilization for a subject
jail) matching the
- "Human-readable" output. Use unit suffixes: Byte, Kilobyte,
Megabyte, Gigabyte, Terabyte and Petabyte.
- Display user IDs numerically rather than converting them to a user
Modifying rules affects all currently running and future processes matching the
Syntax for a rule is subject:subject-id:resource:action=amount/per.
- defines the kind of entity the rule applies to. It can be either
- identifies the subject. It can be a process
ID, user name, numerical user ID, login class name from
or jail name.
- identifies the resource the rule controls. See the
RESOURCES section below for
- defines what will happen when a process exceeds the allowed
amount. See the
ACTIONS section below for
- defines how much of the resource a process can use before the defined
action triggers. Resources which limit bytes
may use prefixes from
- defines what entity the amount gets accounted
for. For example, rule
"loginclass:users:vmemoryuse:deny=100M/process" means that each
process of any user belonging to login class "users" may
allocate up to 100MB of virtual memory. Rule
"loginclass:users:vmemoryuse:deny=100M/user" would mean that for
each user belonging to the login class "users", the sum of
virtual memory allocated by all the processes of that user will not exceed
100MB. Rule "loginclass:users:vmemoryuse:deny=100M/loginclass"
would mean that the sum of virtual memory allocated by all processes of
all users belonging to that login class will not exceed 100MB.
A valid rule has all those fields specified, except for
, which defaults to the value of
A filter is a rule for which one of more fields other than
is left empty. For example, a filter that
matches every rule could be written as ":::=/", or, in short,
":". A filter that matches all the login classes would be
"loginclass:". A filter that matches all defined rules for
resource would be "::maxproc".
||numerical Process ID
||user name or numerical User ID
||login class from
||CPU time, in seconds
||data size, in bytes
||stack size, in bytes
||core dump size, in bytes
||resident set size, in bytes
||locked memory, in bytes
||number of processes
||file descriptor table size
||address space limit, in bytes
||number of PTYs
||swap space that may be reserved or used, in bytes
||number of threads
||number of queued SysV messages
||SysV message queue size, in bytes
||number of SysV message queues
||number of SysV semaphores
||number of SysV semaphores modified in a single semop(2) call
||number of SysV shared memory segments
||SysV shared memory size, in bytes
||wallclock time, in seconds
||%CPU, in percents of a single CPU core
||filesystem reads, in bytes per second
||filesystem writes, in bytes per second
||filesystem reads, in operations per second
||filesystem writes, in operations per second
||deny the allocation; not supported for
||log a warning to the console
||send notification to
using system = "RCTL",
subsystem = "rule",
type = "matched"
||e.g. sigterm; send a signal to the
offending process. See
for a list of supported signals
||slow down process execution; only supported for
Not all actions are supported for all resources. Attempting to add a rule with
an action not supported by a given resource will result in error.
utility exits 0 on success,
and >0 if an error occurs.
Prevent user "joe" from allocating more than 1GB of virtual memory:
Remove all RCTL rules:
Display resource utilization information for jail named "www":
Display all the rules applicable to process with PID 512:
Display all rules:
Display all rules matching user "joe":
Display all rules matching login classes:
command appeared in
was developed by
Edward Tomasz Napierala
under sponsorship from the FreeBSD Foundation.
may kill the machine due to
counters are only approximations. Like
, they are calculated in the filesystem
layer, where it is difficult or even impossible to observe actual disk device
resources generally account for writes
to the filesystem cache, not to actual devices.