max connections per control group (cgroup)

Colin Walters walters at verbum.org
Wed Aug 6 08:55:20 PDT 2014


On Wed, Aug 6, 2014, at 10:16 AM, Alban Crequy wrote:

> With the development of cgroups and systemd, system services and session
> services start in different cgroups. However, cgroups are not a security
> boundary: a process can freely be moved from a cgroup to another cgroup by an
> unprivileged user if the user moving the process is the same as the
> destination cgroup.

I think we should be looking at scopes or services, not the topmost
cgroup.  Even if an unprivileged uid was able to migrate within their
login session, they shouldn't be able to escape their login scope.

I see no point in connection-per-process because Linux by default allows
creation of many, many processes per uid.

(Yes, with systemd you can LimitNProc= for system services, which can
help significantly if the service is prepared for this, but there's no
realistic equivalent for desktop login sessions)
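An added illustration, not part of this thread or of dbus itself, of what keying a connection limit on the login scope or service (rather than on the raw cgroup path) looks like: it parses constructed /proc/<pid>/cgroup contents to find the innermost .scope/.service unit and counts connections per unit, so processes that migrate between sub-cgroups of the same session still share one budget. The PIDs, unit names and limit value are assumptions.

```python
import re
from collections import Counter

# Constructed sample /proc/<pid>/cgroup contents (hypothetical, not from the post):
# two processes in one desktop login session (cgroup v1 'name=systemd' line),
# one system service in cgroup v2 '0::' form, and one process with no unit.
SAMPLE_CGROUP_FILES = {
    1234: "11:cpu:/\n1:name=systemd:/user.slice/user-1000.slice/session-2.scope\n",
    1235: "1:name=systemd:/user.slice/user-1000.slice/session-2.scope\n",
    1236: "0::/system.slice/foo.service\n",
    1237: "1:name=systemd:/user.slice/user-1000.slice\n",
}

# A path component ending in .scope or .service is a systemd unit.
UNIT_RE = re.compile(r"([^/]+\.(?:scope|service))")


def systemd_unit_from_cgroup(contents: str):
    """Return the innermost .scope/.service unit on the systemd hierarchy, or None.

    Accepts both the cgroup v1 'name=systemd' line and the v2 '0::' line.
    """
    for line in contents.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        hier_id, controllers, path = parts
        if controllers != "name=systemd" and not (hier_id == "0" and controllers == ""):
            continue
        matches = UNIT_RE.findall(path)
        return matches[-1] if matches else None
    return None


def count_connections_per_unit(peer_pids, cgroup_files=SAMPLE_CGROUP_FILES):
    """Count existing connections per scope/service of their owning PID.

    PIDs with no scope/service land under None, so a policy can reject them
    explicitly instead of treating 'no unit' as an unbounded budget."""
    counts = Counter()
    for pid in peer_pids:
        counts[systemd_unit_from_cgroup(cgroup_files.get(pid, ""))] += 1
    return counts


def would_exceed_limit(peer_pids, new_pid, limit, cgroup_files=SAMPLE_CGROUP_FILES):
    """True if accepting a connection from new_pid would put its unit over limit."""
    unit = systemd_unit_from_cgroup(cgroup_files.get(new_pid, ""))
    return count_connections_per_unit(peer_pids, cgroup_files)[unit] >= limit
```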
