Re: jail & security
From: Shannon Johnson (shannon@designcurve.net)
Date: 08/23/01
- Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-01:56.tcp_wrappers"
- Previous message: Alexey Zakirov: "Re: jail & security"
- In reply to: Alexey Zakirov: "Re: jail & security"
- Next in thread: Alexey Zakirov: "Re: jail & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shannon Johnson" <shannon@designcurve.net> To: <freebsd-security@freebsd.org> Date: Thu, 23 Aug 2001 12:00:05 -0700
> On Thu, 23 Aug 2001, Alexey Zakirov wrote:
>
> > > yourself from destroying a system (e.g. read only file system, setting
the
> > > system immutable flag, etc.)
> > >
> > > Remind me to never give you a shell account.
> >
> > Alexey is wrong in stating 'You CAN'T limit whole jail limits.' you
> > actually can given the right patches to the jail subsystem. :)
>
> Am I wrong? Can you setup jail that limits his CPU/MEM for particular
> jail?
Yes, infact you are incorrect. I have set up literally dozens of jails both
at home and work. Through this I have experimented with allot of
configurations, including login classes.
One way that I tested this out was to write a simple c program to test that
the cpu/memory limits were being properly limited by login.conf. Here tis...
int main(void) {
while(1) malloc(100);
}
This is obviously required allot of memory/CPU. But it proved my point.
By the way, where are the patches that you referred to earlier.
--- Shannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-01:56.tcp_wrappers"
- Previous message: Alexey Zakirov: "Re: jail & security"
- In reply to: Alexey Zakirov: "Re: jail & security"
- Next in thread: Alexey Zakirov: "Re: jail & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
