On Tue 16-11-21 13:27:34, Mina Almasry wrote: > On Tue, Nov 16, 2021 at 3:29 AM Michal Hocko <mhocko@xxxxxxxx> wrote: [...] > > Can you elaborate some more? How do you enforce that the mount point > > cannot be accessed by anybody outside of that constraint? > > So if I'm a bad actor that wants to intentionally DoS random memcgs on > the system I can: > > mount -t tmpfs -o memcg=/sys/fs/cgroup/unified/memcg-to-dos tmpfs /mnt/tmpfs > cat /dev/random > /mnt/tmpfs If you can mount tmpfs then you do not need to fiddle with memcgs at all. You just DoS the whole machine. That is not what I was asking though. My question was more towards a difference scenario. How do you prevent random processes to _write_ to those mount points? User/group permissions might be just too coarse to describe memcg relation. Without memcg in place somebody could cause ENOSPC to the mount point users and that is not great either but that should be recoverable to some degree. With memcg configuration this would cause the memcg OOM which would be harder to recover from because it affects all memcg charges in that cgroup - not just that specific fs access. See what I mean? This is a completely new failure mode. The only reasonable way would be to reduce the visibility of that mount point. This is certainly possible but it seems rather awkward when it should be accessible from multiple resource domains. I cannot really shake off feeling that this is potentially adding more problems than it solves. -- Michal Hocko SUSE Labs
