Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter

[Gregory Piñero]

On 10/25/07, Gregory Piñero <address@hidden> wrote:
> I have a script run by root that launches six of these:
> jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/ -x
> /srv/jail_for_python/usr/bin/python2.4 exec_worker.py
>
> So I tried adding this to limits.conf:
> jailtest        hard    nproc   1
>
> But I'm still allowed to start the 6 processes.
>

Ok, here's the latest.  I think limits.conf only works for logged in
users, not for my special jail user.

So I found this nifty tool which seems to work
http://cr.yp.to/daemontools/softlimit.html

Here's how I call it:
sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/
--exec /srv/jail_for_python/softlimit -- -p 1 -m 12000000
/usr/bin/python2.4 exec_worker.py

I put softlimit in the jail with permissions root:root -rwx--x--x

-Greg