"Peter J. Holzer" wrote
> RLIMIT_CPU
> (limits the total CPU usage for one job)
>
> RLIMIT_DATA, RLIMIT_STACK, RLIMIT_CORE
> (limits the memory usage of a single process; not all unixes have all
> of these)
>
> RLIMIT_NPROC
> (limits the number of processes per user)
>
> RLIMIT_NOFILE
> (limits the number of open files per process)
>
> Together with quotas, a chrooted environment and a positive nice factor,
> the povray process(es) would be restricted from disturbing their host
> computer.

Another approach we are considering is to confine the execution in a
sandbox.
Last week we played with user-mode-linux.
(http://www.user-mode-linux.sourceforge.net)
The idea is to boot a virtual OS only to run the application (povray). So
even if Povray is compromised, the user
is still in the sandbox and doesn't have access to the hosting machine.
Some preliminary tests show that this solution
is quite easy to use. Moreover, it has cool features such as defining the
amount of memory (physical and swap)
the process may use, the amount of disk and so on... So it is a very
appealing solution.
But we are still checking security and performance issues.
We are also comparing it to other solutions that are also PTRACE oriented, like
Janus or subterfugue (http://subterfugue.sourceforge.net)

> You can leave this to the slave servers: They can check whether there is
> some output produced within a given time. If there isn't, they'll kill
> the process and report failure.
>
Yes, it's the only way, unless that the server could be constantly
overloaded.
--
Gilles Equipe Architectures Paralleles Tel 33 01-69-15-42-25
FEDAK LRI bat 490 Fax 33 01-69-15-65-86
------ Universite Paris-Sud email: fed### [at] lri fr
XtremWeb F-91405 ORSAY Cedex http://www.lri.fr/~fedak
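
The resource limits and the output watchdog discussed in this message, sketched as an added example that is not part of the original post or of XtremWeb. The names `LIMITS`, `_confine` and `run_confined`, the limit values and the stand-in job are assumptions; it sets four of the listed limits plus the nice value, and leaves quotas and chroot to the host setup.

```python
import os, resource, select, subprocess, sys

MiB = 1024 * 1024
# Constructed limits for illustration; tune per job. RLIMIT_NPROC is left out
# because it counts every process of the user, not just this job.
LIMITS = {
    resource.RLIMIT_CPU: 60,           # CPU seconds for the job
    resource.RLIMIT_DATA: 512 * MiB,   # heap / private writable memory
    resource.RLIMIT_CORE: 0,           # no core dumps on the host disk
    resource.RLIMIT_NOFILE: 64,        # open files per process
}

def _confine():
    """Runs in the child between fork and exec."""
    os.nice(10)  # positive nice factor: yield to the host's own work
    for res, want in LIMITS.items():
        _, hard = resource.getrlimit(res)
        # An unprivileged process may only lower its hard limit, never raise it.
        new = want if hard == resource.RLIM_INFINITY else min(want, hard)
        resource.setrlimit(res, (new, new))

def run_confined(argv, idle_timeout):
    """Run argv under LIMITS; kill it if it is silent for idle_timeout seconds.
    Returns (outcome, returncode, output), outcome in ok/failed/stalled."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, preexec_fn=_confine)
    fd, out = proc.stdout.fileno(), b""
    while True:
        ready, _, _ = select.select([fd], [], [], idle_timeout)
        if not ready:                  # no output in time: report failure
            proc.kill()
            proc.wait()
            return "stalled", proc.returncode, out
        chunk = os.read(fd, 4096)
        if not chunk:                  # EOF: the job closed its output
            break
        out += chunk
    rc = proc.wait()
    return ("ok" if rc == 0 else "failed"), rc, out

if __name__ == "__main__":
    # Constructed stand-in job; a real worker would pass the povray command line.
    job = [sys.executable, "-c", "print('rendered')"]
    print(run_confined(job, idle_timeout=5))
```

A job that exceeds `RLIMIT_CPU` is terminated by a signal, which shows up here as a negative return code with outcome `failed`.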