On Mon, 07.11.11 02:31, Christoph Hellwig (hch@xxxxxxxxxxxxx) wrote: > > On Sun, Nov 06, 2011 at 06:15:01PM -0300, Davidlohr Bueso wrote: > > From: Davidlohr Bueso <dave@xxxxxxx> > > > > This patch adds a new RLIMIT_TMPFSQUOTA resource limit to restrict an individual user's quota across all mounted tmpfs filesystems. > > It's well known that a user can easily fill up commonly used directories (like /tmp, /dev/shm) causing programs to break through DoS. > > Please jyst implement the normal user/group quota interfaces we use for other > filesystem. Please don't. tmpfs by its very nature is volatile, which means that we'd have to upload the quota data explicitly each time we mount a tmpfs, which means we'd have to add quite some userspace infrastructure to make tmpfs work with quota. Either every time a tmpfs is mounted we'd have to apply a quota for every configured user and every future user to it (which is simply not realistic) or on every user logging in we'd have to go through all tmpfs mount points and apply a user-specific quota setting to it -- which isn't much less ugly and complex. Just using a user-specific RLIMIT is much much simpler and beautiful there, and requires almost no changes to userspace. On top of that I think a global quota over all tmpfs is actually preferable than a per-tmpfs quota, because what you want to enforce is that clients cannot drain the pool that tmpfs is backed from but how they distribute their share of that pool on the various tmpfs mounted doesn't really matter in order to avoid DoS vulnerabilities. In short: a resource limit for tmpfs quota looks like the best solution here, which does exactly what userspace wants. Lennart -- Lennart Poettering - Red Hat, Inc. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>