On Tue, Jun 09, 2015 at 09:32:10PM +1000, Aleksa Sarai wrote: > Adds a new single-purpose PIDs subsystem to limit the number of > tasks that can be forked inside a cgroup. Essentially this is an > implementation of RLIMIT_NPROC that applies to a cgroup rather than a > process tree. > > However, it should be noted that organisational operations (adding and > removing tasks from a PIDs hierarchy) will *not* be prevented. Rather, > the number of tasks in the hierarchy cannot exceed the limit through > forking. This is due to the fact that, in the unified hierarchy, attach > cannot fail (and it is not possible for a task to overcome its PIDs > cgroup policy limit by attaching to a child cgroup -- even if migrating > mid-fork it must be able to fork in the parent first). > > PIDs are fundamentally a global resource, and it is possible to reach > PID exhaustion inside a cgroup without hitting any reasonable kmemcg > policy. Once you've hit PID exhaustion, you're only in a marginally > better state than OOM. This subsystem allows PID exhaustion inside a > cgroup to be prevented. Patches 3-4 look good to me. Will apply once v4.3 dev window opens. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html