Hello, On Thu, Aug 08, 2013 at 04:43:51PM +0200, Michal Hocko wrote: > > Is it correct that you fix one local DoS by introducing a new one? > > With the page the !priv user can block root from registering a threshold. > > Is it really the way we want to fix it? > > OK, I will think about it some more. The only thing the patch does is replacing implicit global resource limit with an explicit one. Whether that's useful or not, I don't know, but it doesn't really change the nature of the problem or actually fix anything. The only way to fix it is rewriting the whole thing so that allocations are broken up per source, which I don't think is a good idea at this point. I'd just add a comment noting why it's broken. Given that delegating to !priv users is horribly broken anyway, I don't think this worsens the situation by too much anyway. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
