lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160314091417.GA11400@dhcp22.suse.cz>
Date:	Mon, 14 Mar 2016 10:14:18 +0100
From:	Michal Hocko <mhocko@...nel.org>
To:	"Yuriy M. Kaminskiy" <yumkam@...il.com>
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	containers@...ts.osdl.org
Subject: Re: userns, netns, and quick physical memory consumption by
 unprivileged user

On Fri 11-03-16 18:06:59, Yuriy M. Kaminskiy wrote:
[...]
> And also tried with memcg:
>   t=/sys/fs/cgroup/memory/test1;mkdir $t;echo 0 >$t/tasks;
>   echo 48M >$t/memory.limit_in_bytes; su testuser [...]
> and it has not helped at all (rather opposite, it ended up with killed
> init and kernel panic; well, later is pure (un)luck; but point is, memcg
> apparently *CANNOT* curb net/ns allocations).

It seems you were using memcg v1 here. This didn't have the kernel
memory accounting enabled by default. With the v2 you get both user and
kernel (well some subset of it) accounting enabled. Whether we account
also netns related data structures sufficiently is a question. I haven't
checked.  But it would be worth trying and fix.

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ