Re: [patch 016/104] epoll: introduce resource usage limits

From: Davide Libenzi
Date: Wed Jan 28 2009 - 19:31:28 EST


On Wed, 28 Jan 2009, Chris Adams wrote:

> Once upon a time, Davide Libenzi <davidel@xxxxxxxxxxxxxxx> said:
> >I already gave you my opinion on such code. There is no need for it. If
> >your servers are loaded, in the same way you bump NFILES (and likely
> >even other default configs), you bump up max_user_instances:
>
> The flip side of that is this could just be added to the list of limits
> you set on a multi-user system if you don't want $LUSER to DoS your
> server (such as max procs, cpu time, virtual memory, etc.). I don't
> think this is a security issue on single-user systems or servers with
> only privileged access.
>
> Admins of multi-user systems are used to having to manage limits (see
> pam_limits for example). Admins of single-user or privileged servers
> (e.g. mail or non-shared web servers) are not for the most part (postfix
> doesn't open 1025 files in a single process).

It seems this is the most agreeable solution based on this thread replies.
That is, leave it unbound, and offer limiting capabilities to multiuser
sysadmins.



- Davide


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/