From owner-freebsd-jail@FreeBSD.ORG  Tue Mar 17 15:02:08 2009
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 87518106568A
	for <freebsd-jail@FreeBSD.org>; Tue, 17 Mar 2009 15:02:08 +0000 (UTC)
	(envelope-from jille@quis.cx)
Received: from mulgore.hexon-is.nl (mulgore.hexon-is.nl [82.94.237.14])
	by mx1.freebsd.org (Postfix) with ESMTP id 06BE78FC1A
	for <freebsd-jail@FreeBSD.org>; Tue, 17 Mar 2009 15:02:07 +0000 (UTC)
	(envelope-from jille@quis.cx)
Received: from [10.0.0.142] (gw.hexon-nijmegen.nl [82.93.241.107])
	(authenticated bits=0)
	by mulgore.hexon-is.nl (8.14.1/8.13.8) with ESMTP id n2HEjvUi004156;
	Tue, 17 Mar 2009 15:45:58 +0100
Message-ID: <49BFB7A5.2030505@quis.cx>
Date: Tue, 17 Mar 2009 15:45:57 +0100
From: Jille Timmermans <jille@quis.cx>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx>
References: <AFF1A183-8257-451D-B308-722DE62899DA@k9.cx>
In-Reply-To: <AFF1A183-8257-451D-B308-722DE62899DA@k9.cx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Hexon-MailScanner-Information: Please contact the ISP for more information
X-Hexon-MailScanner-ID: n2HEjvUi004156
X-Hexon-MailScanner: Found to be clean
X-Hexon-MailScanner-From: jille@quis.cx
X-Hexon-MailScanner-Watermark: 1237905959.26709@yV8blvO11am1cpkw6ZMQrA
Cc: freebsd-jail@FreeBSD.org
Subject: Re: maxproc per jail
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2009 15:02:09 -0000

Nicolas de Bari Embriz Garcia Rojas schreef:
> Hi all, it is posible to limite the maxproc per jail ?
No, I wrote a patch once; I will take a look whether I still have it 
somewhere.
But the patch only limits the number of processes, not memory nor open 
files.
The best thing to do (I think) is create some rlimit for jails.

-- Jille
> 
> or how to put a protection to the main host in case the root user of a 
> jail try to make  a fork bom.
> 
> regards.
> 
> -- 
>  > nbari
>