Archive
Posts from 2008
Resource controls against fork bombs executed inside Solaris Zones
I came across this neat little tidbit on page 27 while reading through the pdf article *UNDERSTANDING THE SECURITY CAPABILITIES OF SOLARIS™ ZONES SOFTWARE As a test, I'm going to set this resource control on a zone and execute a fork bombto see what appears in system logs. This is pretty cool stuff! This parameter can be used, but should not be set so low that it impacts normal application operation. An accurate baseline for the number of LWPs for a given zone should be determined in order to set this valuable at an appropriate level…
$ read more →zpool shrink / evict is almost here
The inability to remove devices from ZFS Zpools has been one of the most annoying / inflexiable things about ZFS. I once read a blogpost about somenone who added a USB flash stick into the root ZFS pool, and now the USB stick became a perminent fixture of the machine! There was no simple way to fix this issue other than backup / network dump / rebuild machine / network restore. Matthew Ahrens workedon changing the ZFS scrub code in SNV 94 (which made its way into the Fishwork's Amber Road NAS Appliance), but this work will also lay the groundwork for "zpool evict" or the such…
$ read more →Helpful shell shortcuts
So this may be a little basic, but I find myself using these two shortcuts quite a bit while at the shell. If you ever find yourself wanting to "reuse" the last argument in a command -- for example, here I move a file from one location into /var/tmp and I want to "cd" into /var/tmp without having to type it, use the shell variable !$... locutus:~ (svoboda)> dd if=/dev/zero of=/tmp/blah bs=1024000 count=1 1+0 records in 1+0 records out 1024000 bytes (1.0 MB) copied, 0.0109023 s, 93.9 MB/s locutus:~ (svoboda)> mv /tmp/blah /var/tmp locutus:~ (svoboda)> cd !$ cd /var/tmp locutus:/var/tmp (svoboda)> pwd /var/tmp If you wanted to "preface" your last command, you can throw anything you want into the shell followed by the !! shell shortcut…
$ read more →OpenSolaris IPS repository offerings growing
I'm really glad to see the OpenSolaris IPS repositories growing with the amount of available packages. Large network repositories of thousands of software packages make Fedora and Ubuntu the great, easy to use Linux distributions that they are. Extending the amount of packages available to OpenSolaris just builds upon this usability! A graph explaining the IPS repository structure, the forum post showing how to enable the pending repository, and a complete list of the 1708 pending IPS repository packages can be found here…
$ read more →Snooping loopback interfaces on Solaris hosts
One thing that I have always enjoyed about Linux is the ability to snoop traffic on loopback interfaces. This is extremely useful for debugging local communication problems, and the fact that you couldn't until recently do this on Solaris hosts was extremely annoying(especially in the world of zones!). I just read Peter Memishian's blog entry on the IP observability code that was recently putback into opensolaris, and low and behold you can now snoop loopback interfaces on Solaris hosts. This is awesome, and the ability to snoop by zone id is by far my favorite feature: The Solaris network stack just keeps getting better and better, and with the upcoming crossbow and IPMPng putbacks just around the corner, networking in Solaris will only get better…
$ read more →