Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756095AbZA1VrQ (ORCPT ); Wed, 28 Jan 2009 16:47:16 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755182AbZA1VqL (ORCPT ); Wed, 28 Jan 2009 16:46:11 -0500 Received: from bee.hiwaay.net ([216.180.54.11]:39939 "EHLO bee.hiwaay.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755094AbZA1VqK (ORCPT ); Wed, 28 Jan 2009 16:46:10 -0500 Date: Wed, 28 Jan 2009 15:46:08 -0600 From: Chris Adams To: linux-kernel@vger.kernel.org Subject: Re: [patch 016/104] epoll: introduce resource usage limits Message-ID: <20090128214608.GA1495059@hiwaay.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1243 Lines: 25 Once upon a time, Davide Libenzi said: >I already gave you my opinion on such code. There is no need for it. If >your servers are loaded, in the same way you bump NFILES (and likely >even other default configs), you bump up max_user_instances: The flip side of that is this could just be added to the list of limits you set on a multi-user system if you don't want $LUSER to DoS your server (such as max procs, cpu time, virtual memory, etc.). I don't think this is a security issue on single-user systems or servers with only privileged access. Admins of multi-user systems are used to having to manage limits (see pam_limits for example). Admins of single-user or privileged servers (e.g. mail or non-shared web servers) are not for the most part (postfix doesn't open 1025 files in a single process). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/