On Mon, Jul 21, 2014 at 04:03:32PM +0400, Vladimir Davydov wrote: > I think it's all about how we're going to use memory cgroups. If we're > going to use them for application containers, there's simply no such > problem, because we only want to isolate a potentially dangerous process > group from the rest of the system. If we want to start a fully > virtualized OS inside a container, then we certainly need a kind of For shell environments, ulimit is a much better specific protection mechanism against fork bombs and process-granular OOM killers would behave mostly equivalently during fork bombing to the way it'd behave in the host environment w/o cgroups. I'm having a hard time seeing why this would need any special treatment from cgroups. Thanks. -- tejun -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>