Hi Dhaval, Thank you for your comment.
Dhaval Giani wrote: >> I think it is worth to add a new rule based on a process name. >> I'd like to know everyone's opinion. If no objection, I will work >> for implementing this rule. >> Any comment is welcome. >> >> >> Requirement: >> ============ >> The existing rule based on UID/GID is worth in many cases, that an >> administrator prepares an exclusive user for each program (apache, >> postgresql, etc.). >> In some cases, this rule is not enough. For example, some backup >> tool runs as root user because it needs to access any disk for the >> backup, and it uses a lot of memory. So we'd like to restrict its >> memory usage automatically, but the rule based on UID/GID can not >> be used. >> So I think it is worth to add a new rule based on a process name. >> >> >> A NEW RULE (/etc/cgrules.conf): >> =============================== >> CURRENT) <user> <controllers> <destination> >> NEW) <user>:<process name> <controllers> <destination> >> >> I think the current rule should be used for the compatibility of >> course. In addition a new rule is like the following: >> <user>:<process name> <controllers> <destination> >> >> If matching both process's user and process name with a rule when >> an EXEC event happens, the process is moved to cgroup <destination> >> of subsystem <controllers>. >> > > This is something I am also interested in seeing. This should also be > able to prevent issues of bypassing the issue of just changing a binary > name since we are limiting it per user. Good point. I think we can resolve this issue by specifying both user name and process name in new rule. Thanks Ken'ichi Ohmichi ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
