git: kernel - Automatically downscasle NPROC resource limit

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Jul 5 09:14:11 PDT 2017


commit e7e1189fb188fbaff70fbfd50b4ecde079c824e6
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Jul 5 09:07:06 2017 -0700

    kernel - Automatically downscasle NPROC resource limit
    
    * Downscale the NPROC resource limit based on fork and chroot depth, up
      to 50%, and also make the limit apply to root processes.  This is intended
      to be a poor-man's safety, preventing run-away (root or other) process
      creation from completely imploding a system.
    
    * Each level of fork() downscales the NPROC resource limit by 1/3%,
      capped at 32 levels (~10%)
    
    * Each chroot (including that made by a jail) downscales the NPROC
      resource limit by 10%, up to 40%.

Summary of changes:
 sys/kern/kern_fork.c    | 23 +++++++++++++++++------
 sys/kern/kern_plimit.c  | 32 ++++++++++++++++++++++++++++++++
 sys/kern/vfs_syscalls.c |  7 +++++++
 sys/sys/proc.h          |  3 ++-
 sys/sys/resourcevar.h   |  1 +
 5 files changed, 59 insertions(+), 7 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e7e1189fb188fbaff70fbfd50b4ecde079c824e6


-- 
DragonFly BSD source repository



More information about the Commits mailing list