On Aug 29, 2007, at 09:49:01, Chris Snook wrote:
Like this there are many cases..(actually these cases has already
been discussed On LKML 2 months before in my thread named "fork
bombing
attack"). in all these cases this printk helps adminstrator a lot.
What exactly does this patch help the administrator do? If a box
is thrashing, you still have sysrq. You can also use cpusets and
taskset to put your root login session on a dedicated processor,
which is getting to be pretty cheap on modern many-core, many-
thread systems. Group scheduling is in the oven, which will allow
you to prioritize classes of users in a more general manner, even
on UP systems.
I've also set up systems where there is a carefully rate-limited
SCHED_RR 98 ssh process (NIC interrupt thread is SCHED_RR 99) behind
an additional set of rate-limiting rules in IPtables. Basically, no
matter what somebody is doing to the workstation, even if I let them
create as many processes as they want or get the box completely into
a swap storm, I can "ssh -p 222 root@some.box". Once it connects I
type in two passwords through a custom PAM plugin and then have my
login script touch /etc/nologin and send SIGSTOP to every
The resource consumption issue is immediately over and I can go about
kicking the user and filling out all the icky paperwork.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
