After a kernel update, a service fails to start with 'cannot allocate memory'. The system has 16GB RAM and 8GB swap. Which command should the administrator run first to diagnose potential memory limits?
Shows process resource limits, which may be too low.
Why this answer
Option B is correct because `ulimit -a` displays all current user-level resource limits, including `max memory size`, `max processes`, and `max locked memory`. After a kernel update, the service may be hitting a newly enforced or reduced `ulimit` (e.g., `RLIMIT_AS` or `RLIMIT_DATA`), which can cause 'cannot allocate memory' even when system memory is abundant. This command is the fastest way to check if a per-process limit is the culprit.
Exam trap
The trap here is that candidates see 'cannot allocate memory' and immediately think of system memory exhaustion, leading them to choose `free -m` or `/proc/meminfo`, but the LFCS exam tests the distinction between system-wide memory and per-process resource limits enforced by `ulimit`.
How to eliminate wrong answers
Option A is wrong because `free -m` shows overall system memory and swap usage, but the error 'cannot allocate memory' can occur even with plenty of free RAM if a per-process limit is imposed; `free` does not reveal user limits. Option C is wrong because `cat /proc/meminfo` provides detailed kernel memory statistics (e.g., MemTotal, MemFree, Committed_AS) but does not show per-process resource limits enforced by the shell or PAM; it cannot diagnose a `ulimit` restriction. Option D is wrong because `sysctl vm.overcommit_memory` controls the kernel's memory overcommit policy (0=heuristic, 1=always, 2=never overcommit), but the error 'cannot allocate memory' from a service is typically a per-process limit issue, not a system-wide overcommit setting; changing this sysctl is a more advanced step after confirming limits.