In short, I don't think it's better to have task-counting and fd-counting in memcg.
It's kmem, but it's more than that, I think.
Please provide subsys like ulimit.
So, you think that while kmem would be enough to prevent fork-bombs,
it would still make sense to limit in more traditional ways
(ie. ulimit style object limits). Hmmm....
I personally think this is namespaces business, not cgroups.
If you have a process namespace, an interface that works to limit the
number of processes should keep working given the constraints you are
given.
What doesn't make sense, is to create a *new* interface to limit
something that doesn't really need to be limited, just because you
limited a similar resource before.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
