On Thu, 18 Jul 2002 stoffel@lucent.com wrote:
> Szakacsits> About 99% of the people don't know about, don't understand
> Szakacsits> or don't care about resource limits. But they do care
> Szakacsits> about cleaning up when mess comes. Adding reserved root
> Szakacsits> memory would be a couple of lines
>
> So what does this buy you when root itself runs the box into the
> ground? Or if a dumb user decides to run his process as root, and it
> takes down the system?
You would be able to point out them running stuffs as root is the
worst scenario from security and reliability point of view. You can
argue about security now but not reliability because it doesn't matter
who owns the "runaway" processes, the end result is either uncontrolled
process killing (default kernel) or livelock (strict overcommit patch).
You can't solve everybody's problems of course but you can educate
them however at present the kernel misses the features to do so [and
for a moment *please* ignore the resource control/accounting with all
its benefits and deficients on Linux, there are lot's of way to do
resource control and Linux is quite infant at present].
> You're arguing for the wrong thing here.
How about consulting with some Sun or ex-Dec engineers why they have
this feature for (internet) decades? Because at default they use
strict overcommit and that's shooting yourself in the foot without
reserved root vm on a general purposes system.
Szaka
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jul 23 2002 - 22:00:29 EST