Date: Tue, 17 Mar 2009 20:27:39 +0100 From: Jille Timmermans <jille@quis.cx> To: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx> Cc: freebsd-jail@FreeBSD.org Subject: Re: maxproc per jail Message-ID: <49BFF9AB.7030406@quis.cx> In-Reply-To: <65CE8B12-4C88-47A3-85A0-915708881925@k9.cx> References: <AFF1A183-8257-451D-B308-722DE62899DA@k9.cx> <49BFB7A5.2030505@quis.cx> <65CE8B12-4C88-47A3-85A0-915708881925@k9.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
Nicolas de Bari Embriz Garcia Rojas schreef: > Hi, thanks for the answer just on question how to setup rlimit for jails > ? any ideas I'm sorry for leaving that unclear; there is no rlimit for jails atm. But if someone wants to create a root-proof protection, I think that is the way to go. (being able to limit everything that rlimit can limit for single processes now) I unfortunately can't find the patch I mentioned, must have lost that during some disk-crash. So, I am afraid there is nothing I can do to help you. -- Jille > > regards. > -- >> nbari > > On Mar 17, 2009, at 8:45 AM, Jille Timmermans wrote: > >> Nicolas de Bari Embriz Garcia Rojas schreef: >>> Hi all, it is posible to limite the maxproc per jail ? >> No, I wrote a patch once; I will take a look whether I still have it >> somewhere. >> But the patch only limits the number of processes, not memory nor open >> files. >> The best thing to do (I think) is create some rlimit for jails. >> >> -- Jille >>> or how to put a protection to the main host in case the root user of >>> a jail try to make a fork bom. >>> regards. >>> -- >>> > nbari >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49BFF9AB.7030406>