Hi,

attached is a new version of the BSD Jail patch. This one incorporates
resource limits. In particular, you can limit:

    # of processes per jail
    min nice level for processes in the jail
    timeslice for processes in the jail
    max DATA segment size per process
    max size of lockable memory per process

How to use:

    echo -n "root /some/other/image" > /proc/$$/attr/exec
    echo -n "nrtask 5" > /proc/$$/attr/exec
    echo -n "nice 15" > /proc/$$/attr/exec
    exec /bin/sh

The resulting shell can result in at most 5 simultaneous tasks, and its
nice level is 15, preventing it from overly affecting system performance.

For a full list of keywords which can be used in creating a jail,
cat /proc/$$/attr/exec. For information on a process' jail,
cat /proc/<pid>/attr/current. (Note this is a change from the previous
release, where /proc/<pid>/attr/exec gave <pid>'s jail information.)

For a full feature list and usage instructions, see the first comment
block in bsdjail.c.

thanks,
-serge

--
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
This archive was generated by hypermail 2b30 : Thu Mar 18 2004 - 13:23:46 PST