[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111107112952.GB25130@tango.0pointer.de>
Date: Mon, 7 Nov 2011 12:29:52 +0100
From: Lennart Poettering <mzxreary@...inter.de>
To: Christoph Hellwig <hch@...radead.org>
Cc: Davidlohr Bueso <dave@....org>, Hugh Dickins <hughd@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
lkml <linux-kernel@...r.kernel.org>, linux-mm@...ck.org,
Kay Sievers <kay.sievers@...y.org>
Subject: Re: [RFC PATCH] tmpfs: support user quotas
On Mon, 07.11.11 02:31, Christoph Hellwig (hch@...radead.org) wrote:
>
> On Sun, Nov 06, 2011 at 06:15:01PM -0300, Davidlohr Bueso wrote:
> > From: Davidlohr Bueso <dave@....org>
> >
> > This patch adds a new RLIMIT_TMPFSQUOTA resource limit to restrict an individual user's quota across all mounted tmpfs filesystems.
> > It's well known that a user can easily fill up commonly used directories (like /tmp, /dev/shm) causing programs to break through DoS.
>
> Please jyst implement the normal user/group quota interfaces we use for other
> filesystem.
Please don't.
tmpfs by its very nature is volatile, which means that we'd have to
upload the quota data explicitly each time we mount a tmpfs, which means
we'd have to add quite some userspace infrastructure to make tmpfs work
with quota. Either every time a tmpfs is mounted we'd have to apply a
quota for every configured user and every future user to it (which is
simply not realistic) or on every user logging in we'd have to go
through all tmpfs mount points and apply a user-specific quota setting
to it -- which isn't much less ugly and complex. Just using a
user-specific RLIMIT is much much simpler and beautiful there, and
requires almost no changes to userspace.
On top of that I think a global quota over all tmpfs is actually
preferable than a per-tmpfs quota, because what you want to enforce is
that clients cannot drain the pool that tmpfs is backed from but how
they distribute their share of that pool on the various tmpfs mounted
doesn't really matter in order to avoid DoS vulnerabilities.
In short: a resource limit for tmpfs quota looks like the best solution
here, which does exactly what userspace wants.
Lennart
--
Lennart Poettering - Red Hat, Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists