maxproc per jail

[Nicolas de Bari Embriz Garcia Rojas]

A friend suggested to schg the rc.conf and login.conf of the jail and  
put the root user in a login class with some strict perms. maybe can  
be a solution.

regards.
--
 > nbari

On Mar 17, 2009, at 1:27 PM, Jille Timmermans wrote:

> Nicolas de Bari Embriz Garcia Rojas schreef:
>> Hi, thanks for the answer just on question how to setup rlimit for  
>> jails
>> ? any ideas
> I'm sorry for leaving that unclear; there is no rlimit for jails atm.
> But if someone wants to create a root-proof protection, I think that  
> is
> the way to go. (being able to limit everything that rlimit can limit  
> for
> single processes now)
>
> I unfortunately can't find the patch I mentioned, must have lost that
> during some disk-crash.
>
> So, I am afraid there is nothing I can do to help you.
>
> -- Jille
>>
>> regards.
>> -- 
>>> nbari
>>
>> On Mar 17, 2009, at 8:45 AM, Jille Timmermans wrote:
>>
>>> Nicolas de Bari Embriz Garcia Rojas schreef:
>>>> Hi all, it is posible to limite the maxproc per jail ?
>>> No, I wrote a patch once; I will take a look whether I still have it
>>> somewhere.
>>> But the patch only limits the number of processes, not memory nor  
>>> open
>>> files.
>>> The best thing to do (I think) is create some rlimit for jails.
>>>
>>> -- Jille
>>>> or how to put a protection to the main host in case the root user  
>>>> of
>>>> a jail try to make  a fork bom.
>>>> regards.
>>>> -- 
>>>>> nbari
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 163 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20090317/65dc2c35/PGP.pgp