On Wed 07-11-18 18:04:59, Martin Steigerwald wrote:
> Michal Hocko - 07.11.18, 17:00:
> > > > otherwise anybody could simply DoS the system
> > > > by consuming all available pids.
> > >
> > > People can do that today using the instrument of terror widely known
> > > as fork(2). The only thing standing between fork(2) and a full
> > > process table is RLIMIT_NPROC.
> >
> > not really. If you really do care about pid space depletion then you
> > should use pid cgroup controller.
>
> It's not quite on-topic, but I am curious now: AFAIK PID limit is 16
> bits. Right? Could it be raised to 32 bits? I bet it would be a major
> change throughout different parts of the kernel.
>
> 16 bits sound a bit low these days, not only for PIDs, but also for
> connections / ports.

Do you have any specific example of the pid space exhaustion? Well
except for fork bomb attacks that could be mitigated by the pid
cgroup controller.
-- 
Michal Hocko
SUSE Labs
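
The pid cgroup controller mentioned in the message above exposes its limit and usage as the cgroup v2 files `pids.max` and `pids.current`. The following is an added example, not part of the original message or of any project's code: a check that reports whether a cgroup has a task limit and how close it is to it. The function name `pids_headroom`, the 80% warning threshold and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one cgroup v2 directory for a pids controller limit.
# pids.max / pids.current are the kernel's interface files; everything else
# here (function name, threshold, sample values) is an assumption.

# pids_headroom DIR [WARN_PCT]
# Prints one status line. Return codes:
#   0 = limit set, usage below threshold
#   1 = no limit (pids.max is "max"), fork bombs are not contained here
#   2 = usage at or above WARN_PCT of the limit
#   3 = pids controller not enabled for this cgroup
pids_headroom() {
    dir=$1
    warn_pct=${2:-80}
    if [ ! -r "$dir/pids.max" ] || [ ! -r "$dir/pids.current" ]; then
        echo "$dir: pids controller not enabled"
        return 3
    fi
    max=$(cat "$dir/pids.max")
    cur=$(cat "$dir/pids.current")
    if [ "$max" = "max" ]; then
        echo "$dir: unlimited (pids.max=max), $cur tasks"
        return 1
    fi
    # A limit of 0 means no new tasks at all; treat it as fully used.
    if [ "$max" -eq 0 ]; then
        pct=100
    else
        pct=$(( cur * 100 / max ))
    fi
    if [ "$pct" -ge "$warn_pct" ]; then
        echo "$dir: $cur/$max tasks (${pct}%), near limit"
        return 2
    fi
    echo "$dir: $cur/$max tasks (${pct}%)"
    return 0
}

# Constructed sample standing in for a directory such as
# /sys/fs/cgroup/<group>; the values are made up.
demo=$(mktemp -d)
echo 100 > "$demo/pids.max"
echo 85 > "$demo/pids.current"
pids_headroom "$demo" 80 || true
rm -rf "$demo"
```

On a live system the directory argument would be a cgroup under the cgroup v2 mount point, and the limit is set by writing a number to that cgroup's `pids.max`.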