On 2005/03/22 12:49, Jan Engelhardt <[EMAIL PROTECTED]> wrote: > What if the few procs that he may spawn also grab so much memory so > your machine disappears in swap-t(h)rashing?
The number of processes is counted per user, but CPU time and memory consumption is counted per process. Going around RLIMIT_CPU is too easy by simply forkbombing. This renders RLIMIT_CPU unusable. The memory limits aren't good enough either: if you set them low enough that memory-forkbombs are unperilous for RLIMIT_NPROC*RLIMIT_DATA, it's probably too low for serious applications. Now what about per-user (or per-session) CPU and memory limits? Another idea: RLIMIT_FORK (number of allowed fork() calls in that session). While that may not be useful for interactive login sessions, I can imagine several situations where it could help (like qmail child processes). Max - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/