Date: Thu, 23 Aug 2001 12:00:05 -0700 From: "Shannon Johnson" <shannon@designcurve.net> To: <freebsd-security@freebsd.org> Cc: "Alexey Zakirov" <frank@agava.com> Subject: Re: jail & security Message-ID: <003b01c12c05$d2e89100$3303a8c0@needhams.com> References: <Pine.BSF.4.32.0108232240021.47648-100000@hellbell.domain>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 23 Aug 2001, Alexey Zakirov wrote:
>
> > > yourself from destroying a system (e.g. read only file system, setting
the
> > > system immutable flag, etc.)
> > >
> > > Remind me to never give you a shell account.
> >
> > Alexey is wrong in stating 'You CAN'T limit whole jail limits.' you
> > actually can given the right patches to the jail subsystem. :)
>
> Am I wrong? Can you setup jail that limits his CPU/MEM for particular
> jail?
Yes, infact you are incorrect. I have set up literally dozens of jails both
at home and work. Through this I have experimented with allot of
configurations, including login classes.
One way that I tested this out was to write a simple c program to test that
the cpu/memory limits were being properly limited by login.conf. Here tis...
int main(void) {
while(1) malloc(100);
}
This is obviously required allot of memory/CPU. But it proved my point.
By the way, where are the patches that you referred to earlier.
---
Shannon
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003b01c12c05$d2e89100$3303a8c0>