Re: [PATCH] new cgroup controller "fork"
From: Max Kellermann
Date: Fri Nov 04 2011 - 09:38:50 EST
On 2011/11/04 14:11, Glauber Costa <glommer@xxxxxxxxxxxxx> wrote:
> For other uses, we can watch the task counter increase until a
> certain value, and then set the limit to 0.
>
> Max, wouldn't it be enough for your use?
No. We do have a process limit already (I didn't publish it yet), but
we might adopt Frederic's new controller as soon as it hits our
servers. The fork controller complements it, and we have many others.
We run a shared CGI hosting platform with millions of accounts, and
many users have badly designed or even vulnerable PHP scripts. The
fork controller is very effective at stopping certain kinds of those.
Other controllers shall keep other problems small. This mix of many
different measures has been working very well for quite a few years.
We'll just keep that code on our private git repository .. rebasing on
new kernel releases is easy enough for me.
Max
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/