On Sun, Jun 21, 2009 at 8:05 PM, Lennart Poettering<mzynq(a)0pointer.de> wrote:
The distinction between a thread/clone() and a process/fork() bomb
doesn't really matter. What matters is that you can kill() processes
and make the whole issue go away in one step even if that process has
one gazillion threads and wants to create even more.
that was sort of my precisely my point. i only read your patch, i
didn't look at it in the context of the whole kernel. if indeed it
only applies to fork() and not to clone() calls that create threads
and not tasks, then its not really protecting against anything, is it?
however, from what i could see of the patch the no-inherit-RT property
belongs to the process, not a thread, and thus could not be reset by a
thread create call without wierd semantics.
so it appears to me that your patch still leaves the kernel open to a
thread-bomb ... am i wrong?