As a defense against DoS attacks, Fossil has a feature were it refuses
to run certain expense web pages (ex: creating new tarballs) if the
system load averages is too high.  Fossil uses the getloadavg()
interface to compute this.  On Linux, getloadavg() requires that /proc
be mounted.  So, if you want to use the rate limiting feature on
Linux, you will need /proc mounted in your chroot jail.  I wish there
were a better way...

A Linux-specific hack here could be to open the `/proc/loadavg` file before entering the chroot and dropping privileges. You can then seek to zero and read as many times as you want.
fossil-users mailing list

Reply via email to