Restricting Resource Limits
The Level IV policy is set by the administrative user using the resource-limits statement at the [edit system extensions] hierarchy level.
The limits imposed by a Level IV policy can be configured either by package or by individual processes in the package. Limits defined for individual processes override the limits defined for an entire package. Any limits not set as Level IV limits inherit the limits from Level III if they exist or from Level II.
The following hierarchy shows all the statements for setting resource limits:
If an application exceeds any of the imposed limits, the router logs it. For example, if a process tries to exceed its stack size, the process is terminated and the system generates a core file.
Level IV policies can be more restrictive than previous policy levels, but they cannot ease the limits set by the other levels. If you try to commit a resource limit that is higher (less stringent) than the inherited value, the commit operation fails with the following error message:
[edit system extensions resource-limits]
'process jnx-example-service'
Limit validation failed for program 'jnx-example-service', resource 'file' limit 'open': raising limits defined in role 'Provider_Daemon' is not allowed.
commit complete
[edit system extensions resource-limits]
Level IV policies can be applied either during runtime of the application or before the application gets started. However, if the application was already running when a new limit is applied, the application must be restarted manually in order to allow for the new limits to take effect.
If you delete a resource configuration, the setting goes back to the limits from the assigned role in the manifest file (Level II or Level III).
