Re: (pspace,pid) vs true pid virtualization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-02-20 at 12:54 +0300, Kirill Korotaev wrote:
> VPS has reached it's process limit and you can't enter it.
> If you suggest to make enter without resource limitations, then it will 
> be a security hole.

I think the question is:

	Can or should an administrative process be able to do things
	inside of a container, without being subject that that
	container's resource limitations?

Implementation wise, I'm sure we _can_ do something like that.  We
simply have to make sure that when processes are entering containers,
they are subject to the originating container's resource limits, not the
destination.

Could you explain why this is a security hole?

-- Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux