Finding capped memory of a non global zone

CuriousDev · October 15, 2014, 3:57am

Is there a way to find the capped memory of a solaris non global zone from the non global zone itself (given rcapd is disabled)

jim_mcnamara · October 15, 2014, 6:43am

zonestat -z zonename -r physical-memory 2

from inside the zone - only works for later versions of Solaris 10.

or --

ssh globalzone '/usr/sbin/zonecfg -z zonename info'

CuriousDev · October 15, 2014, 7:05am

I'm working on solaris 10 and zonestat is not available.
I was looking for a way to retrieve the info from the non global zone itself rather than from the global. Isn't this info stored somewhere inside the zone from where it could be read?

jim_mcnamara · October 15, 2014, 11:17am

Not really for a regular user. It is /etc/zones/zonename.xml only visible from the global zone.

Sun took extra care to be sure there is no way to "escape" directly from the virtual machine (zone) into the controlling domain. That would create a horrible security hole. And some data must exist locally in kernel or zsched memory, which requires privileged access.

Use ssh - that reads directly from the global zone via a "proxy". I don't get your requirement for local access. Unless you are a programmer writing code and cannot access the global zone. If so, then if the mcap is absolutely required you will have to work with your sysadmin on that requirement. S/he may write some code for you or "place" a file just after boot time:

cp /etc/zones/*.xml /etc/zones/zonename/root/tmp/

Which is a small security issue, compared to granting users access. You would then see the file you need in /tmp. This does not accomodate the use of prctl to dynamically change zone resource control values during runtime.

grep 'mcap_physcap' /etc/zones/zonename.xml
<mcap physcap="34359738368"/>

so

mcap=$(ssh zonename "grep 'mcap_physcap' /etc/zones/${zonename}.xml" )

You can then parse the number in the variable mcap.

MadeInGermany · October 15, 2014, 4:02pm

Show the resource controls that the current shell inherits:

prctl -P $$

CuriousDev · October 16, 2014, 1:26am

Jim, I am writing code that runs on the local zone and cannot access the global zone. So copying or ssh is not an option. I do have root access but I can't find a command that can fetch this info for me.

MadeInGermany,

prctl -P $$ - I could not find the Physical memory cap data in this.

There are other data like swap, locked memory cap etc

zone.max-swap privileged 536870912 - deny -
zone.max-locked-memory privileged 54525952 - deny -
..

os2mac · November 7, 2014, 1:34pm

well it's kind of a hack but when you look at top in the zone. The memory line shows the capped memory....