On Tue, Nov 10, 2015 at 03:06:46PM +0100, Max Kellermann wrote:
> This patch introduces a new setting called "fork_remaining". When
> positive, each successful fork decrements the value, and once it
> reaches zero, no further forking is allowed, no matter how many of
> those processes are still alive. The special value "unlimited"
> disables the fork limit.
>
> The goal of this limit is to have another safeguard against fork
> bombs. It gives processes a chance to set up their child processes /
> threads, but will be stopped once they attempt to waste resources by
> continuously exiting and cloning new processes. This can be useful
> for short-lived processes such as CGI programs.

But what's the resource here? All first-order resources which can be
consumed by forking repeatedly already have proper controllers.
What's the point of adding an extra second-order controller? Where do
we go from there? Limit on the number of syscalls?

Thanks.

--
tejun