cgmanager needs to limit the directory depth
Bug #1284872 reported by
Serge Hallyn
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cgmanager (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
An unprivileged user can take up an inordinate amount of host kernel memory by creating deeply nested cgroups.
cgmanager should have a default limit (20 seems reasonable) on the cgroup depth, overrideable on the command line.
(Obviously this is just as possible with delegated cgroupfs access and mkdir, but that's irrelevant here)
Related branches
| Changed in cgmanager (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in cgmanager (Ubuntu): | |
| status: | Triaged → Fix Released |
To post a comment you must log in.
This bug was fixed in the package cgmanager - 0.20-0ubuntu2
---------------
cgmanager (0.20-0ubuntu2) trusty; urgency=medium
* limit depth of cgroups (LP: #1284872)
-- Serge Hallyn <email address hidden> Wed, 26 Feb 2014 10:41:27 -0600