
On 04/05/2011 01:46 PM, Jiri Denemark wrote:
On Tue, Apr 05, 2011 at 09:28:00 -0600, Eric Blake wrote:
On 04/05/2011 08:09 AM, Jiri Denemark wrote:
This patch adds max_processes option to qemu.conf which can be used to override system default limit on number of processes that are allowed to be running for qemu user.
Actually it's important that we call setrlimit() before dropping root privileges since only such process can increase the limit.
Makes sense.
The NPROC limit is pretty confusing since it logically doesn't fit in setrlimit and by it gets unnatural behavior as a result of it being set via setrlimit. It only affects the limit seen by current process which will soon be executing qemu code.
Yeah, there's no real way to confine the absolute number of processes owned by a single uid using just process inheritance; setrlimit only affects the number of processes that can be forked within a given hierarchy. At any rate, this patch is certainly better than what was previously available, I didn't see anything wrong with it, and you answered my question, so: ACK. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org