On Tue, Apr 05, 2011 at 14:12:03 -0600, Eric Blake wrote:
> On 04/05/2011 01:46 PM, Jiri Denemark wrote:
> > On Tue, Apr 05, 2011 at 09:28:00 -0600, Eric Blake wrote:
> >> On 04/05/2011 08:09 AM, Jiri Denemark wrote:
> >>> This patch adds max_processes option to qemu.conf which can be used to
> >>> override system default limit on number of processes that are allowed to
> >>> be running for qemu user.
> >
> > Actually it's important that we call setrlimit() before dropping root
> > privileges since only such process can increase the limit.
>
> Makes sense.
>
> >
> > The NPROC limit is pretty confusing since it logically doesn't fit in
> > setrlimit and by it gets unnatural behavior as a result of it being set via
> > setrlimit. It only affects the limit seen by current process which will soon
> > be executing qemu code.
>
> Yeah, there's no real way to confine the absolute number of processes
> owned by a single uid using just process inheritance; setrlimit only
> affects the number of processes that can be forked within a given hierarchy.
>
> At any rate, this patch is certainly better than what was previously
> available, I didn't see anything wrong with it, and you answered my
> question, so:
>
> ACK.

Thanks, pushed.

Jirka
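
The ordering discussed in this thread, as an added example that is not part of the original messages or of the libvirt patch: `set_nproc_then_drop()` applies RLIMIT_NPROC while still privileged and only then drops identity, and `errno_when_raising_nproc()` shows in a child process what happens when a raise is attempted without privilege. Function names and the 1024 ceiling are hypothetical, chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1               /* exposes setgroups() in <grp.h> */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Order from the thread: set RLIMIT_NPROC while still privileged, then drop
 * supplementary groups, gid and uid. Returns 0, or -1 with errno set. */
int set_nproc_then_drop(rlim_t max_processes, uid_t uid, gid_t gid)
{
    struct rlimit rl = { .rlim_cur = max_processes, .rlim_max = max_processes };
    /* Raising the hard limit needs privilege (CAP_SYS_RESOURCE on Linux). */
    if (setrlimit(RLIMIT_NPROC, &rl) < 0)
        return -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return 0;
}

/* In a child (so the caller's limits stay untouched): lower the hard limit,
 * then try to raise it. Returns 0 if the raise worked (privileged caller),
 * the errno from setrlimit otherwise, or -1 if the setup itself failed. */
int errno_when_raising_nproc(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        if (getrlimit(RLIMIT_NPROC, &rl) < 0)
            _exit(255);
        if (rl.rlim_max > 1024)
            rl.rlim_max = 1024;               /* constructed sample ceiling */
        rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_NPROC, &rl) < 0) /* lowering needs no privilege */
            _exit(255);
        rl.rlim_cur = rl.rlim_max = rl.rlim_max + 1;
        _exit(setrlimit(RLIMIT_NPROC, &rl) < 0 ? errno : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("raise after lowering: errno=%d\n", errno_when_raising_nproc());
    return 0;
}
```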