Date: Tue, 17 Mar 2009 13:41:32 -0600 From: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx> To: Jille Timmermans <jille@quis.cx> Cc: freebsd-jail@FreeBSD.org Subject: Re: maxproc per jail Message-ID: <86EEC660-5154-42E2-BF93-9A7794E0CFB7@k9.cx> In-Reply-To: <49BFF9AB.7030406@quis.cx> References: <AFF1A183-8257-451D-B308-722DE62899DA@k9.cx> <49BFB7A5.2030505@quis.cx> <65CE8B12-4C88-47A3-85A0-915708881925@k9.cx> <49BFF9AB.7030406@quis.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-7--833828344 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit A friend suggested to schg the rc.conf and login.conf of the jail and put the root user in a login class with some strict perms. maybe can be a solution. regards. -- > nbari On Mar 17, 2009, at 1:27 PM, Jille Timmermans wrote: > Nicolas de Bari Embriz Garcia Rojas schreef: >> Hi, thanks for the answer just on question how to setup rlimit for >> jails >> ? any ideas > I'm sorry for leaving that unclear; there is no rlimit for jails atm. > But if someone wants to create a root-proof protection, I think that > is > the way to go. (being able to limit everything that rlimit can limit > for > single processes now) > > I unfortunately can't find the patch I mentioned, must have lost that > during some disk-crash. > > So, I am afraid there is nothing I can do to help you. > > -- Jille >> >> regards. >> -- >>> nbari >> >> On Mar 17, 2009, at 8:45 AM, Jille Timmermans wrote: >> >>> Nicolas de Bari Embriz Garcia Rojas schreef: >>>> Hi all, it is posible to limite the maxproc per jail ? >>> No, I wrote a patch once; I will take a look whether I still have it >>> somewhere. >>> But the patch only limits the number of processes, not memory nor >>> open >>> files. >>> The best thing to do (I think) is create some rlimit for jails. >>> >>> -- Jille >>>> or how to put a protection to the main host in case the root user >>>> of >>>> a jail try to make a fork bom. >>>> regards. >>>> -- >>>>> nbari >> --Apple-Mail-7--833828344 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkm//O0ACgkQKHSHKa69I1u80ACdHKmrMD7W/Dx6xXCHXFA63Z59 HwgAniBBmtULfhAv6ifimzqexIxqcqMA =HTfe -----END PGP SIGNATURE----- --Apple-Mail-7--833828344--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86EEC660-5154-42E2-BF93-9A7794E0CFB7>