Re: [PATCH 11/11] blkcg: implement per-blkg request allocation
From: Vivek Goyal
Date: Fri Apr 27 2012 - 11:56:17 EST
On Fri, Apr 27, 2012 at 08:51:40AM -0700, Tejun Heo wrote:
> On Fri, Apr 27, 2012 at 11:48:41AM -0400, Vivek Goyal wrote:
> > Not an unpriviliged malicious application. In typical cgroup scenario, we
> > can allow unpriviliged users to create child cgroups so that it can
> > further subdivide its resources to its children group. (ex. put firefox
> > in one cgroup, open office in another group etc.).
> >
> > So it is not same as jack up nr_requests.
>
> I find allowing unpriv users creating cgroups dumb. cgroup consumes
> kernel memory. Sans using kmemcg, what prevents them from creating
> gazillion cgroups and consuming all memories? The idea of allowing
> cgroups to !priv users is just broken from the get go.
Well creating a task consumes memory too but we allow unpriv users to
create tasks. :-)
May be a system wide cgroup limit will make sense?
Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/