On Tue, May 19, 2009 at 05:36:28PM +0900, Ken'ichi Ohmichi wrote: > > Hi, > > I think it is worth to add a new rule based on a process name. > I'd like to know everyone's opinion. If no objection, I will work > for implementing this rule. > Any comment is welcome. > > > Requirement: > ============ > The existing rule based on UID/GID is worth in many cases, that an > administrator prepares an exclusive user for each program (apache, > postgresql, etc.). > In some cases, this rule is not enough. For example, some backup > tool runs as root user because it needs to access any disk for the > backup, and it uses a lot of memory. So we'd like to restrict its > memory usage automatically, but the rule based on UID/GID can not > be used. > So I think it is worth to add a new rule based on a process name. > > > A NEW RULE (/etc/cgrules.conf): > =============================== > CURRENT) <user> <controllers> <destination> > NEW) <user>:<process name> <controllers> <destination> > > I think the current rule should be used for the compatibility of > course. In addition a new rule is like the following: > <user>:<process name> <controllers> <destination> > > If matching both process's user and process name with a rule when > an EXEC event happens, the process is moved to cgroup <destination> > of subsystem <controllers>. >
This is something I am also interested in seeing. This should also be able to prevent issues of bypassing the issue of just changing a binary name since we are limiting it per user. As Balbir said, as long as it does not break existing functionality, it would be good to have. thanks, -- regards, Dhaval ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
