>> Is it possible by any means to isolate any given process, so that
>> it'll be unable to crash system.
> You just gave a nice description what an OS kernel should do :)
* Sigh * :-)
> > Please, supply ANY suggestions.
> >
> > My ideas:
> >
> > create some user, and decrease his ulimits up to miminum of 1 process,
> > 0 core size, appropriate memory/ etc.
> That's indeed the way to do it.
Byt how should I restrict him open socket and send some data (my IP,
for example) somewhere ??
I thinks I'll end up writing kernel module which will restrict all
ioctls but few {mmap, brk, geteuid, geuid, etc..} for given UID.
thank, thought.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/