Message-ID: <20160314091417.GA11400@dhcp22.suse.cz>
Date: Mon, 14 Mar 2016 10:14:18 +0100
From: Michal Hocko <mhocko@...nel.org>
To: "Yuriy M. Kaminskiy" <yumkam@...il.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
containers@...ts.osdl.org
Subject: Re: userns, netns, and quick physical memory consumption by
unprivileged user
On Fri 11-03-16 18:06:59, Yuriy M. Kaminskiy wrote:
[...]
> And also tried with memcg:
> t=/sys/fs/cgroup/memory/test1;mkdir $t;echo 0 >$t/tasks;
> echo 48M >$t/memory.limit_in_bytes; su testuser [...]
> and it has not helped at all (rather opposite, it ended up with killed
> init and kernel panic; well, latter is pure (un)luck; but point is, memcg
> apparently *CANNOT* curb net/ns allocations).
It seems you were using memcg v1 here. This didn't have the kernel
memory accounting enabled by default. With the v2 you get both user and
kernel (well some subset of it) accounting enabled. Whether we account
also netns related data structures sufficiently is a question. I haven't
checked. But it would be worth trying and fixing.
--
Michal Hocko
SUSE Labs
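
Added example, not part of the original message or of any kernel tooling: a check for which memory controller hierarchy (v1 or v2) a host actually uses, since the reply above turns on that distinction. The function names `memcg_mode`, `memcg_limit_file` and `memcg_report` are hypothetical; the input is a mounts table in `/proc/self/mounts` format.

```shell
#!/bin/sh
# Classify the memory controller as cgroup v1 or v2 from a mounts table
# (fields: device mountpoint fstype options ...).

# memcg_mode [mounts-file] -> "v2 <mountpoint>", "v1 <mountpoint>" or "none"
memcg_mode() {
    mounts=${1:-/proc/self/mounts}
    # cgroup v2 (unified hierarchy) is mounted with fstype "cgroup2".
    v2=$(awk '$3 == "cgroup2" { print $2; exit }' "$mounts")
    # A v1 memory hierarchy has fstype "cgroup" and "memory" among its options.
    v1=$(awk '$3 == "cgroup" && $4 ~ /(^|,)memory(,|$)/ { print $2; exit }' "$mounts")
    # On hybrid hosts both are mounted; the memory controller is on v2 only
    # if the v2 root lists it in cgroup.controllers.
    if [ -n "$v2" ] && [ -r "$v2/cgroup.controllers" ] &&
       tr ' ' '\n' <"$v2/cgroup.controllers" | grep -qx memory; then
        echo "v2 $v2"
    elif [ -n "$v1" ]; then
        echo "v1 $v1"
    else
        echo none
    fi
}

# memcg_limit_file <v1|v2> -> name of the hard-limit file in that hierarchy
memcg_limit_file() {
    case $1 in
        v1) echo memory.limit_in_bytes ;;  # the file written in the quoted test
        v2) echo memory.max ;;
        *)  return 1 ;;
    esac
}

# memcg_report [mounts-file] -> one human-readable line
memcg_report() {
    set -- $(memcg_mode "$1")
    if [ "$1" = none ]; then
        echo "no memory controller hierarchy mounted"
    else
        echo "memory controller: cgroup $1 at $2, limit file $(memcg_limit_file "$1")"
    fi
}

# Report for the running system when a mounts table is available.
if [ -r /proc/self/mounts ]; then memcg_report /proc/self/mounts || true; fi
```

A `v1` result means the 48M limit in the quoted test was set on the hierarchy that, per the reply, did not have kernel memory accounting enabled by default.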