| commit | e7e1189fb188fbaff70fbfd50b4ecde079c824e6 | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Wed, 5 Jul 2017 16:07:06 +0000 (5 09:07 -0700) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Wed, 5 Jul 2017 16:07:06 +0000 (5 09:07 -0700) | ||
| tree | ed860c8352b99d57614ebcdeb5c311a2a788bd7b | treesnapshot (tar.gz zip) |
| parent | 7130deecaa4470ed0352ea08e0ee8a0761233e5c | commitdiff |
kernel - Automatically downscasle NPROC resource limit
* Downscale the NPROC resource limit based on fork and chroot depth, up
to 50%, and also make the limit apply to root processes. This is intended
to be a poor-man's safety, preventing run-away (root or other) process
creation from completely imploding a system.
* Each level of fork() downscales the NPROC resource limit by 1/3%,
capped at 32 levels (~10%)
* Each chroot (including that made by a jail) downscales the NPROC
resource limit by 10%, up to 40%.
* Downscale the NPROC resource limit based on fork and chroot depth, up
to 50%, and also make the limit apply to root processes. This is intended
to be a poor-man's safety, preventing run-away (root or other) process
creation from completely imploding a system.
* Each level of fork() downscales the NPROC resource limit by 1/3%,
capped at 32 levels (~10%)
* Each chroot (including that made by a jail) downscales the NPROC
resource limit by 10%, up to 40%.