Commit | Line | Data |
---|---|---|
e11f0ae3 EB | 1 | There are a lot of kinds of objects in the kernel that don't have |
2 | individual limits or that have limits that are ineffective when a set | |
3 | of processes is allowed to switch user ids. With user namespaces | |
4 | enabled in a kernel for people who don't trust their users or their | |
5 | users' programs to play nice, this problem becomes more acute. | |
6 | ||
7 | Therefore it is recommended that memory control groups be enabled in | |
8 | kernels that enable user namespaces, and it is further recommended | |
9 | that userspace configure memory control groups to limit how much | |
10 | memory users they don't trust to play nice can use. | |
11 | ||
12 | Memory control groups can be configured by installing the libcgroup | |
13 | package present on most distros, editing /etc/cgrules.conf, | |
14 | /etc/cgconfig.conf and setting up libpam-cgroup. |
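
A minimal sketch of the three pieces named above, added here as an illustration and not part of the kernel documentation itself. It assumes the cgroup v1 memory controller; the group name `untrusted`, the mount point and the 512M limit are constructed values to adapt.

```conf
# File: /etc/cgconfig.conf (loaded by cgconfigparser)
# Mount the cgroup v1 memory controller and define one group.
# Omit the mount block if the distro already mounts the controller.
mount {
    memory = /sys/fs/cgroup/memory;
}

# "untrusted" is a hypothetical cgroup name; 512M is an example limit.
group untrusted {
    memory {
        memory.limit_in_bytes = 512M;
    }
}

# File: /etc/cgrules.conf
# Format: <user|@group>   <controllers>   <destination>
# Processes of members of the (hypothetical) Unix group "untrusted"
# are placed in the memory cgroup defined above.
@untrusted      memory      untrusted/

# File: /etc/pam.d/<service> (for example the login or sshd stack)
# pam_cgroup.so, from libpam-cgroup, applies cgrules.conf when a
# session is opened, so the limit is in force before the user can
# create a user namespace.
session    optional    pam_cgroup.so
```

With this layout all members of the group share the single 512M limit, and charges made by their processes count against it regardless of which user ids those processes map inside a user namespace.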