| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Apr 2012 11:56:12 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: Tejun Heo <tj@...nel.org> Cc: Jeff Moyer <jmoyer@...hat.com>, axboe@...nel.dk, ctalbott@...gle.com, rni@...gle.com, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, containers@...ts.linux-foundation.org, fengguang.wu@...el.com, hughd@...gle.com, akpm@...ux-foundation.org Subject: Re: [PATCH 11/11] blkcg: implement per-blkg request allocation On Fri, Apr 27, 2012 at 08:51:40AM -0700, Tejun Heo wrote: > On Fri, Apr 27, 2012 at 11:48:41AM -0400, Vivek Goyal wrote: > > Not an unpriviliged malicious application. In typical cgroup scenario, we > > can allow unpriviliged users to create child cgroups so that it can > > further subdivide its resources to its children group. (ex. put firefox > > in one cgroup, open office in another group etc.). > > > > So it is not same as jack up nr_requests. > > I find allowing unpriv users creating cgroups dumb. cgroup consumes > kernel memory. Sans using kmemcg, what prevents them from creating > gazillion cgroups and consuming all memories? The idea of allowing > cgroups to !priv users is just broken from the get go. Well creating a task consumes memory too but we allow unpriv users to create tasks. :-) May be a system wide cgroup limit will make sense? Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists