On Thu 10 May 2007 at 03:58PM, Bob Netherton wrote:
> On Thu, 2007-05-10 at 14:11 -0400, Jeff Victor wrote:
> 
> > However, this model does not solve the problem that is documented in 
> > Clarkson's paper: the "out-of-the-box" experience does not protect 
> > well-behaved zones from poorly-behaved zones, or a DoS attack.
> 
> I see where you are going with this Jeff, and there are some good ideas
> behind all of this.   I have a great desire to rephrase your question
> without the reference to zones - how well is Solaris itself
> protected against the various forms of DoS attack ?   Do the controls
> here suggest rational defaults for zones (ie, should we just inherit
> the limits/protections from the Solaris parent) ?

I think you are all making good points. :)

Just to expand upon what Jerry said about the envisioned "templates"
project: We (zones team) spent a lot of time considering this issue
and in effect our proposal is to give the customer a choice of
out-of-the-box experiences-- that is to say, if a customer can type:

        create -t SUNWtight

        create -t SUNWmedium

        create -t SUNWgenerous

(real names TBD) and those default to some set of reasonable default
settings, then we think we're basically providing something reasonable.
Because these are templates, they basically pre-populate your
zonecfg settings, but would allow you to do customization as you
see fit.  It's more like the "sample configs" project than anything
else.

I do think (as Jerry pointed out) that some relatively liberal but
still limiting default settings would be good.  For example, to me,
capping a container at 75% of system swap, or, say, 1000 lwps by
default does not to me seem to be unreasonable.

        -dp

-- 
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to