On Thu 10 May 2007 at 03:58PM, Bob Netherton wrote: > On Thu, 2007-05-10 at 14:11 -0400, Jeff Victor wrote: > > > However, this model does not solve the problem that is documented in > > Clarkson's paper: the "out-of-the-box" experience does not protect > > well-behaved zones from poorly-behaved zones, or a DoS attack. > > I see where you are going with this Jeff, and there are some good ideas > behind all of this. I have a great desire to rephrase your question > without the reference to zones - how well is Solaris itself > protected against the various forms of DoS attack ? Do the controls > here suggest rational defaults for zones (ie, should we just inherit > the limits/protections from the Solaris parent) ?
I think you are all making good points. :) Just to expand upon what Jerry said about the envisioned "templates" project: We (zones team) spent a lot of time considering this issue and in effect our proposal is to give the customer a choice of out-of-the-box experiences-- that is to say, if a customer can type: create -t SUNWtight create -t SUNWmedium create -t SUNWgenerous (real names TBD) and those default to some set of reasonable default settings, then we think we're basically providing something reasonable. Because these are templates, they basically pre-populate your zonecfg settings, but would allow you to do customization as you see fit. It's more like the "sample configs" project than anything else. I do think (as Jerry pointed out) that some relatively liberal but still limiting default settings would be good. For example, to me, capping a container at 75% of system swap, or, say, 1000 lwps by default does not to me seem to be unreasonable. -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp _______________________________________________ zones-discuss mailing list email@example.com