On Mon, 1 May 2017 09:46:38 -0400 Rich Freeman wrote: > On Sun, Apr 30, 2017 at 4:17 PM, Kai Krakow <hurikha...@gmail.com> wrote: > > Am Sun, 30 Apr 2017 10:33:05 -0700 > > schrieb Jorge Almeida <jjalme...@gmail.com>: > > > >> It makes sense that the kernel has it. Should it be enabled? For a > >> server, probably. For a single-user workstation? Maybe. > > > > Maybe I don't have the ordinary workstation, but I use it to limit > > memory of sometimes-run-away services (memory-wise) and to control > > resource usage of container machines I'm using during development. > > Probably not the ordinary use-case... > > > > Honestly, I can't think of why you wouldn't want to use it.
It is an additional attack surface. If there is no use for some $feature on some system, it must be disabled. Also this subsystem is still new in the kernel and there were many related vulnerabilities in the past. Best regards, Andrew Savchenko
pgp2TMZZ4xXFn.pgp
Description: PGP signature
