Process Exhaustion Experiment
The Process Exhaustion experiment simulates running processes on a target to consume process IDs (PIDs).
Overview
Process Exhaustion works by creating new operating system processes, with the goal of consuming the number of process IDs (PIDs) available on the target. Operating systems have a limited number of PIDs that they can allocate. Once all PIDs are in use, the operating system can no longer start new processes and may crash.
Linux
Gremlin uses Linux cgroups to retrieve process information. This is the same method used to run container experiments.
Options
Troubleshooting
If you receive an error message while trying to run this experiment, check to see if it's listed below.
apply caps: operation not permitted: This error occurs when the Kubernetes agent doesn't have the Linux capability SYS_RESOURCE enabled. See our security page for details on which capabilities are required.
Resource temporarily unavailable (os error 11): This error indicates we've exceeded the process limit for the host. Try reducing the number of processes created.
Attack interrupted by the OOMKiller. Target state is exited, OOMKiller killed target.: This error occurs when we've exceeded the memory available to a Kubernetes target (e.g. a pod). If this error message appears, it's likely that Kubernetes will terminate the target container.