Ages ago, when building my own kernel packages was my main hobby, I used to apply the GRsecurity patch to my kernels. One of the main benefits I found in this patch was that it would make the kernel terminate or, if that failed to have any immediate effect, downright kill any application that suddenly requests an unreasonable amount of system resources. I was wondering if stock Debian and Ubuntu kernels offered any similar feature that could be enabled e.g. via some /sys
register?
2 comments:
How about ulimit?
How about getting GRSec upstream to merge their stuff into Linux mainline finally!
Post a Comment