On Mon, Jul 19, 2021 at 3:46 AM Vasily Averin <vvs@xxxxxxxxxxxxx> wrote:
>
> When a user sends a signal to any other process it forces the kernel
> to allocate memory for 'struct sigqueue' objects. The number of signals
> is limited by the RLIMIT_SIGPENDING resource limit, but even the default
> settings allow each user to consume up to several megabytes of memory.
> Moreover, an untrusted admin inside a container can increase the limit or
> create new fake users and force them to send signals.
>
> It makes sense to account for these allocations to restrict the host's
> memory consumption from inside the memcg-limited container.
>
> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>

It seems like there is an agreement on this patch with the updated commit
message. In the next version you can add:

Reviewed-by: Shakeel Butt <shakeelb@xxxxxxxxxx>