Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261163AbVCaIIi (ORCPT ); Thu, 31 Mar 2005 03:08:38 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261164AbVCaIIi (ORCPT ); Thu, 31 Mar 2005 03:08:38 -0500 Received: from pin.if.uz.zgora.pl ([212.109.128.251]:9712 "EHLO pin.if.uz.zgora.pl") by vger.kernel.org with ESMTP id S261163AbVCaIIV (ORCPT ); Thu, 31 Mar 2005 03:08:21 -0500 Message-ID: <424BA230.3040500@pin.if.uz.zgora.pl> Date: Thu, 31 Mar 2005 09:09:36 +0200 From: =?ISO-8859-2?Q?Jacek_=A3uczak?= User-Agent: Mozilla Thunderbird 1.0 (X11/20041206) X-Accept-Language: pl, en-us, en MIME-Version: 1.0 To: Natanael Copa Cc: linux-kernel@vger.kernel.org Subject: Re: forkbombing Linux distributions References: <20050328172820.GA31571@linux.ensimag.fr> <6f6293f105033015467d87993@mail.gmail.com> <1112252134.26074.20.camel@nc> In-Reply-To: <1112252134.26074.20.camel@nc> Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1717 Lines: 52 Natanael Copa napisa?(a): > On Thu, 2005-03-31 at 01:46 +0200, Felipe Alfaro Solana wrote: > >>On Mon, 28 Mar 2005 19:28:20 +0200, Matthieu Castet >> wrote: >> >>>>The memory limits aren't good enough either: if you set them low >>>>enough that memory-forkbombs are unperilous for >>>>RLIMIT_NPROC*RLIMIT_DATA, it's probably too low for serious >>>>applications. >>> >>>yes, if you want to run application like openoffice.org you need at >>>least 200Mo. If you want that your system is usable, you need at least 40 process per user. So 40*200 = 8Go, and it don't think you have all this memory... >>> >>>I think per user limit could be a solution. >>> >>>attached a small fork-memory bombing. >> >>Doesn't do anything on my machine: >> >># ulimits -a > > ... > > >>it tops at 100 processes and eats a little CPU... although the system >>is under load, it's completely responsive. > > > 100 processes is low. I often have over 150. On desktop system 150 processes is low too. 250 is safe and sufficient value. > I use the patch mentioned here: > http://marc.theaimsgroup.com/?l=linux-kernel&m=111209980932023&w=2 > (it set the default max_threads and RLIMIT_NPROC to half of the current > default) > > and my system survived. Hmmm....my didn't when nearly all users start forkbombing! I think that changing the default max_threads is not a good idea. It might solve many problems but forkbombing require something more universal. Jacek - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/