In message <[EMAIL PROTECTED]>, Julian Elischer writes : >> There has always been code in kern/tty_pty.c which makes sure that the >> master and slave have the same prison: > >but a jailed user could perform a denial of service by using up all teh ptys.?
There is no general resource protection for jails: You can use up any resource you can get your hand on: processes, disk, filedescriptors, ptys, mbuf clusters, you name it. If you want to add resource limitations to jails, then do it right from the bottom, instead of as local hacks in random drivers or other hotspots. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
