Re: (pspace,pid) vs true pid virtualization
From: Dave Hansen
Date: Mon Feb 20 2006 - 13:17:20 EST
On Mon, 2006-02-20 at 12:54 +0300, Kirill Korotaev wrote:
> VPS has reached it's process limit and you can't enter it.
> If you suggest to make enter without resource limitations, then it will
> be a security hole.
I think the question is:
Can or should an administrative process be able to do things
inside of a container, without being subject that that
container's resource limitations?
Implementation wise, I'm sure we _can_ do something like that. We
simply have to make sure that when processes are entering containers,
they are subject to the originating container's resource limits, not the
destination.
Could you explain why this is a security hole?
-- Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/