On Sun, 2006-07-16 at 01:04 +1000, Jean-Marc Valin wrote:
> > as long as you can fork and exec as many of those processes as you want
> > a per process rlimit is useless security wise... an evil user just fires
> > off a second process just before the first one gets killed and a non-RT
> > root still is starved out.
>
> Of course, which is why the idea is for the limit to be global, across
> all non-root users. AFAIK, that's what Ingo's original (pre-2.6.12)
> patch did and also what Con Kolivas' SCHED_ISO patch does. That's also
> why I think it would be very hard (if possible at all) to do this in
> user space.
I don't think it's a problem. If the admin does not want non-root users
to be able to lock up the machine, just don't put them in the realtime
group.
Lee
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
