Hello, There are many basic ways to control processes, including capabilities, cgroups and resource limits. However, there are far fewer ways to find out useful values for the limits, except blind trial and error.
This patch series attempts to fix that by giving at least a nice starting point for configuration of PID and device cgroups. Thanks to the commenters for the previous version. -Topi Topi Miettinen (2): cgroup_pids: track highwater mark of pids device_cgroup: track and present accessed devices kernel/cgroup_pids.c | 51 ++++++++++++++++++++++++++-- security/device_cgroup.c | 86 ++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 117 insertions(+), 20 deletions(-) -- 2.8.1