Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S268420AbUIWM0S (ORCPT ); Thu, 23 Sep 2004 08:26:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268421AbUIWM0S (ORCPT ); Thu, 23 Sep 2004 08:26:18 -0400 Received: from pauli.thundrix.ch ([213.239.201.101]:55009 "EHLO pauli.thundrix.ch") by vger.kernel.org with ESMTP id S268420AbUIWM0P (ORCPT ); Thu, 23 Sep 2004 08:26:15 -0400 Date: Thu, 23 Sep 2004 14:24:28 +0200 From: Tonnerre To: Thomas Habets Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] oom_pardon, aka don't kill my xlock Message-ID: <20040923122428.GA8816@thundrix.ch> References: <200409230123.30858.thomas@habets.pp.se> <20040923044549.GE6889@thundrix.ch> <200409230857.57145.thomas@habets.pp.se> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm" Content-Disposition: inline In-Reply-To: <200409230857.57145.thomas@habets.pp.se> X-GPG-KeyID: 0x8BE1C38D X-GPG-Fingerprint: 1AB0 9AD6 D0C8 B9D5 C5C9 9C2A FF86 CBEE 8BE1 C38D X-GPG-KeyURL: http://users.thundrix.ch/~tonnerre/tonnerre.asc User-Agent: Mutt/1.5.6+20040803i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1577 Lines: 53 --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Salut, On Thu, Sep 23, 2004 at 08:57:50AM +0200, Thomas Habets wrote: > Yup. What would be a good interface for setting that flag per-process?=20 > prctl()? > Personally, I'd prefer it without userspace having to write code for it. Well, either via a new syscall/ioctl, or via some exported file in /proc or /sys. I guess the second approach (file) will be prefered. > Also, it should be able to protect against a DoS where a user launches N= =20 > un-OOM-killable processes. You can still do that. Maybe kill those processes first who got less criterias matching the OOM gracefulness, so you can protect httpd more strongly than xlock. Also remember to set per-user limits of processes. :) > > What about programs with spaces in its names? >=20 > I thought "screw 'em". :-) Now that's what I call policy! Tonnerre --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.2 (GNU/Linux) iD8DBQFBUsB7/4bL7ovhw40RAicGAJ0cEpGMltVpghrCH/HtwkzlwuYmxgCeLQQZ Y5mPaRI/s3mPLJqPpjdkRMk= =hWca -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/