Nick Piggin <nickpiggin@xxxxxxxxxxxx> writes:

>> Would any of them work on a system on which every filesystem was on
>> ramfs, and there was no swap? If not then they are not memory attacks
>> but I/O attacks.
>>
>> I completely concede that you can DOS the system with I/O if that is
>> not limited as well.
>>
>> My point is that is not a memory problem but a disk I/O problem which is
>> much easier and cheaper to solve. Disk I/O is fundamentally a slow
>> path which makes it hard to modify it in a way that negatively affects
>> system performance.
>>
>> I don't think with a memory RSS limit you can DOS the system in a way
>> that is purely about memory. You have to pick a different kind of DOS
>> attack.
>
> It can be done trivially without performing any IO or swap, yes.

Please give me a rough sketch of how to do so.

Or is this about DOS'ing the system by getting the kernel to allocate a
large number of data structures (struct file, struct inode, or the like)?

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers