From owner-freebsd-jail@FreeBSD.ORG Tue Mar 17 17:29:22 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7DEDF1065675 for ; Tue, 17 Mar 2009 17:29:22 +0000 (UTC) (envelope-from nbari@k9.cx) Received: from exprod7og109.obsmtp.com (exprod7og109.obsmtp.com [64.18.2.171]) by mx1.freebsd.org (Postfix) with SMTP id 196818FC0A for ; Tue, 17 Mar 2009 17:29:21 +0000 (UTC) (envelope-from nbari@k9.cx) Received: from source ([209.85.200.170]) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP ID DSNKSb/d8UebLVAcGul3Eb7Wcfsv+wUZcbX0@postini.com; Tue, 17 Mar 2009 10:29:22 PDT Received: by wf-out-1314.google.com with SMTP id 26so101256wfd.0 for ; Tue, 17 Mar 2009 10:29:18 -0700 (PDT) Received: by 10.114.159.17 with SMTP id h17mr159497wae.124.1237310958063; Tue, 17 Mar 2009 10:29:18 -0700 (PDT) Received: from ?192.168.5.10? ([201.136.64.124]) by mx.google.com with ESMTPS id v32sm6533330wah.52.2009.03.17.10.29.15 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 17 Mar 2009 10:29:16 -0700 (PDT) Message-Id: <65CE8B12-4C88-47A3-85A0-915708881925@k9.cx> From: Nicolas de Bari Embriz Garcia Rojas To: Jille Timmermans In-Reply-To: <49BFB7A5.2030505@quis.cx> Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-3--841776180" Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Date: Tue, 17 Mar 2009 11:29:05 -0600 References: <49BFB7A5.2030505@quis.cx> X-Pgp-Agent: GPGMail d55 (v55, Leopard) X-Mailer: Apple Mail (2.930.3) Cc: freebsd-jail@FreeBSD.org Subject: Re: maxproc per jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2009 17:29:23 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-3--841776180 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Hi, thanks for the answer just on question how to setup rlimit for jails ? any ideas regards. -- > nbari On Mar 17, 2009, at 8:45 AM, Jille Timmermans wrote: > Nicolas de Bari Embriz Garcia Rojas schreef: >> Hi all, it is posible to limite the maxproc per jail ? > No, I wrote a patch once; I will take a look whether I still have it > somewhere. > But the patch only limits the number of processes, not memory nor > open files. > The best thing to do (I think) is create some rlimit for jails. > > -- Jille >> or how to put a protection to the main host in case the root user >> of a jail try to make a fork bom. >> regards. >> -- >> > nbari --Apple-Mail-3--841776180 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkm/3eEACgkQKHSHKa69I1v5mQCgtHZEe5KZhElQ4cnlUKSQ2Gf/ Vh8An04V6DdfSTldgXfzqTuEtI40zBrY =JOdm -----END PGP SIGNATURE----- --Apple-Mail-3--841776180--