|| ||<casey.schaufler-xNZwKgViW5gAvxtiuMwx3w-AT-public.gmane.org> |
|| ||<roffermanns-uSbOeAmDUekAvxtiuMwx3w-AT-public.gmane.org>, <meego-security-discussion-VVXm0OgCXj10cC2WI2GV6A-AT-public.gmane.org> |
|| ||Re: Quota support |
|| ||Wed, 20 Apr 2011 16:41:28 +0000|
|| ||Article, Thread
> From: meego-security-discussion-bounces-VVXm0OgCXj10cC2WI2GV6A@public.gmane.org
[meego-security-discussion-bounces-VVXm0OgCXj10cC2WI2GV6A@public.gmane.org] on behalf of ext Rolf
> Sent: Wednesday, April 20, 2011 4:28 AM
> To: meego-security-discussion-VVXm0OgCXj10cC2WI2GV6A@public.gmane.org
> Subject: [Meego-security-discussion] Quota support
> Hi All,
> do you consider quota support to be part of MeeGos security discussion?
Woof. Security people generally consider quotas part of resource management.
If you allow for what quotas are supposed to achieve in your security model you
are well down a road that leads to requirements around protection from denial
of service issues. I don't have a model for a solution (yet) for denial of service
issues, and I don't know anyone who does.
> If not, how will you keep applications from filling up the filesystem?
Look up "Parkinson's Law". Weep.
> Having a separate filesystem for application storage will help, but
> there will still be a problem with different applications competing for
> disk space.
Can't be helped. No one has ever written a polite application regarding
disk usage. Applications are like seagulls, scanning for free disk blocks
and chanting "Mine! Mine!".
> I just discovered that BTRFS has no support for quota currently, so that
> may be another thing to keep in mind.
Hum. Sounds like a project.
to post comments)