[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Plash] ulimit -u and Plash = Cool.
From: |
John McCabe-Dansted |
Subject: |
[Plash] ulimit -u and Plash = Cool. |
Date: |
Sat, 6 Jun 2009 21:38:15 +0800 |
I found a new use for Plash. I'd like to limit applications to some
reasonable number of processes, say 128. However even "ulimit -u 128;
yes" doesn't work, because -u is per user, and I already have over 128
processes on my desktop. Now I can of course set the -u value to be
the current number of processes + 128, which is OK if I have a
untrusted application or two, but it allows untrusted applications to
interfere with each other.
But since plash gives each sandboxed app a different user id I can do
something like:
plash -fwls=/ --prog=`which bash` -a=-c -a="ulimit -u 10; yes | head"
and the app (yes in this case) has exactly a max of 10 processes, no
more no less.
Since most of the slow downs on my machine are now caused by an
application misbehaving like "while(1) malloc(1);" or " while (1)
fork()", using Plash could result in my machine being /faster/ for
real world use (as well as allowing me to easily sandbox apps).
--
John C. McCabe-Dansted
PhD Student
University of Western Australia
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Plash] ulimit -u and Plash = Cool.,
John McCabe-Dansted <=