henry@utzoo.uucp (Henry Spencer) (09/15/89)
In article <41737@sgi.sgi.com> jmb@patton.sgi.com (Jim Barton) writes: >filling up swap won't crash the machine, the OS will instead start gunning >down processes... Would it be too much to ask that this be made a configuration option? Some of us think that it is much better for a machine to crash cleanly than to try to keep running with crucial processes (Murphy's Law says that the gunned-down processes will be important daemons) dying randomly and disrupting operations in bizarre ways. -- V7 /bin/mail source: 554 lines.| Henry Spencer at U of Toronto Zoology 1989 X.400 specs: 2200+ pages. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
geoff@utstat.uucp (Geoff Collyer) (09/16/89)
Jim Barton: >>filling up swap won't crash the machine, the OS will instead start gunning >>down processes... Henry Spencer: >Would it be too much to ask that this be made a configuration option? >Some of us think that it is much better for a machine to crash cleanly >than to try to keep running with crucial processes (Murphy's Law says that >the gunned-down processes will be important daemons) dying randomly and >disrupting operations in bizarre ways. I would like to amplify Henry's comment. Why strafe innocent processes? When possible, I think returning ENOMEM from fork, exec, sbrk and the like is preferable; when that is not possible, given that sensible modern Unixes can be made to autoboot after a panic (ahem!), a panic("out of swap space") will cause a brief interruption and a clean start. Strafing processes (on our SunOS 3.x systems) has usually resulted in the deaths of inetd and sometimes ypbind or ypserv. After killing such critical daemons, the system was dead in the water and had to be manually crashed (L1-A key) and booted. This is not what you want from a timesharing system (pardon my heresy) that is meant to run unattended much of the time. -- Geoff Collyer utzoo!utstat!geoff, geoff@utstat.toronto.edu