|From:||Alan Cox <alan-AT-lxorguk.ukuu.org.uk>|
|To:||Lennart Poettering <mzxreary-AT-0pointer.de>|
|Subject:||Re: [RFC PATCH] tmpfs: support user quotas|
|Date:||Mon, 7 Nov 2011 23:01:35 +0000|
|Cc:||Davidlohr Bueso <dave-AT-gnu.org>, Christoph Hellwig <hch-AT-infradead.org>, Hugh Dickins <hughd-AT-google.com>, Andrew Morton <akpm-AT-linux-foundation.org>, lkml <linux-kernel-AT-vger.kernel.org>, linux-mm-AT-kvack.org, Kay Sievers <kay.sievers-AT-vrfy.org>|
> > Which is almost certainly not what you want to happen. Think about direct > > rendering. > > I don't see what direct rendering has to do with closing the security > hole that /dev/shm currently is. Direct render objects (like shared memory objects) are backed by shmfs, so if you impose random limits on the shmfs you'll get weird graphics happenings. You use a *lot* of shmfs objects when you are running 3D gaming, enormous amounts for all your textures and the like. The DRM case means you can't set tight limits on shmfs and expect to play Warcraft. > Uh? I am pretty sure we don't want to mount a private tmpfs for each > user in /dev/shm and /tmp. If you have 500 users you'd have 500 tmpfs on Oh I do. That would actually do something abut temporary file handling which is a much much bigger issue than a DoS when people get it wrong. It's a bit of Unix history that wants sorting out more than /usr and /bin... > /tmp and on /dev/shm. Despite that without some ugly namespace hackery Only if they were all logged in > you couldn't make them all appear in /tmp as /dev/shm without > subdirectories. Don't forget that /dev/shm and /tmp are an established > userspace API. Don't forget there have been pam modules for doing per user /tmp/ for years and years. > Resource limits are exactly the API that makes sense here, because: No because they are inherited process things and the exhaustion behaviour is not standards defined. Christoph is right that this should be implemnted via quota. It might well be that your quota implementation is handled by a mount option (sysfs just makes it more complex) and that mount blah -oquotaallusers=16G is how you set it up, but doing it via quota interfaces makes all sorts of crap just work including warning users about quota limits. Alan -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to email@example.com. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"firstname.lastname@example.org"> email@example.com </a>
Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds