From: "Robert Gierzinger" <robert.gierzinger-RbZlAiThDcE@public.gmane.org>
To: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: cgroup pid controller side effects
Date: Thu, 15 Oct 2015 16:13:02 +0200 [thread overview]
Message-ID: <f2e-561fb480-9-1b99f780@25775614> (raw)
Hi,
I have finally had time to test 4.3-rc5 especially (my greatly anticipated) process limitiation with cgroup-pids.
With bash forkbombs, it really works nice, however, I had some side effects with the forkbomb from
https://github.com/linux-vserver/util-vserver/blob/master/tests/forkbomb.c
The good thing: my test systems did not die as in previous versions during the simulated attack. But executing the file with e.g.
./forkbomb 100000 100 fork
I get "unable to fork process: Resource temporarily unavailable" on the host (e.g. while trying to have a look via "watch -n 2 cat /sys/fs/cgroup/pids/lxc/dev04/pids.current") and inside other cgroup processes. This happens with various (low) limits in the respective pids.max; also it doesn't matter whether to launch the forkbomb in a privileged or unprivileged/user-namespace cgroup.
Maybe someone could have a look, please, as this would be a real nice feature for a hosting service.
And thanks for your great work!
Best regards,
Robert
next reply other threads:[~2015-10-15 14:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-15 14:13 Robert Gierzinger [this message]
2015-10-16 17:39 ` cgroup pid controller side effects Johannes Weiner
[not found] ` <20151016173943.GA2162-druUgvl0LCNAfugRpC6u6w@public.gmane.org>
2015-10-19 10:00 ` Robert Gierzinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2e-561fb480-9-1b99f780@25775614 \
--to=robert.gierzinger-rbzlaithdce@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox