Limit the memory size used by the jailed process #593
Labels
information_old
(Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required
Comments
|
|
|
On Fri, 2016-06-24 at 10:02 -0700, Reiner Herrmann wrote:
I am aware about ulimit, but this will be probably a little more |
|
It's probably a bit more convenient, I agree, but duplicating functionality already provided by other means also increases the complexity of firejail. |
|
Another way is to assign the process to a cgroup and set limits on the cgroup (which you might be able to do in a config file somewhere). |
|
Yes, cgroup is the way to go. Set up a control group and pass it to the sandbox using --cgroup. |
netblue30
added
the
information_old
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We need to limit the memory size used by the jailed process, so that a hacked would not run out of memory and swap.
The text was updated successfully, but these errors were encountered: