On 08/10/18 15:00, John Reiser wrote: > Allowing 1M open files per unprivileged process is too many. > > Megabytes of RAM are precious. A hard limit of 1M open files per process > allows each process to eat at least 256MB (1M * sizeof(struct file) > [linux/fs.h]) of RAM. If a single user is allowed 1000 processes, > then that's 256GB of RAM, which is a Denial-of-Service attack. > > Yes, 4096 open files is not enough. Raise it to 65536. > Correct me if I'm wrong, but wouldn't this be capped by the system-wide limit (i.e. it would hit ENFILE) before presenting a problem? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
