(2012/04/18 1:52), Glauber Costa wrote: > >>> In short, I don't think it's better to have task-counting and fd-counting in memcg. >>> It's kmem, but it's more than that, I think. >>> Please provide subsys like ulimit. >> >> So, you think that while kmem would be enough to prevent fork-bombs, >> it would still make sense to limit in more traditional ways >> (ie. ulimit style object limits). Hmmm.... >> > > I personally think this is namespaces business, not cgroups. > If you have a process namespace, an interface that works to limit the > number of processes should keep working given the constraints you are > given. > > What doesn't make sense, is to create a *new* interface to limit > something that doesn't really need to be limited, just because you > limited a similar resource before. > Ok, limitiing forkbomb is unnecessary. ulimit+namespace should work. What we need is user-id namespace, isn't it ? If we have that, ulimit works enough fine, no overheads. Thanks, -Kame _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
