Documentation/resource-control.txt
来源:互联网 发布:云计算的安全问题包括 编辑:程序博客网 时间:2024/06/02 06:58
Chinese translated version of Documentation/resource-control.txt
If you have any comment or update to the content, please contact the
original document maintainer directly. However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help. Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.
Chinese maintainer: 赵晶 anana53@qq.com
---------------------------------------------------------------------
Documentation/resource-control.txt 的中文翻译
如果想评论或更新本文的内容,请直接联系原文档的维护者。如果你使用英文
交流有困难的话,也可以向中文版维护者求助。如果本翻译更新不及时或者翻
译存在问题,请联系中文版维护者。
中文版维护者: 赵晶 anana53@qq.com
中文版翻译者: 赵晶 anana53@qq.com
中文版校译者: 赵晶 anana53@qq.com
以下为正文
---------------------------------------------------------------------
There are a lot of kinds of objects in the kernel that don't have
individual limits or that have limits that are ineffective when a set
of processes is allowed to switch user ids. With user namespaces
enabled in a kernel for people who don't trust their users or their
users programs to play nice this problems becomes more acute.
Therefore it is recommended that memory control groups be enabled in
kernels that enable user namespaces, and it is further recommended
that userspace configure memory control groups to limit how much
memory user's they don't trust to play nice can use.
Memory control groups can be configured by installing the libcgroup
package present on most distros editing /etc/cgrules.conf,
/etc/cgconfig.conf and setting up libpam-cgroup.
在内核中有很多各种各样的对象,他们没有
个体限制,或有当一组进程允许
切换用户ID时是无效的限制。随着用户空间
在内核中的启用,人们不信任他们的用户或他们
优先解决这个问题的用户程序,情况变得更加严重。
因此建议在内核中启用存储组,
使用户的命名空间可使用。并进一步建议
这个用户空间的配置存储器控制组设一个限制,多少
内存时,用户会不信任优先级可以使用。
存储器控制组可以通过安装libcgroup
目前大多数发行版/etc/cgrules.conf,
/ cgconfig.conf包来配置和设置libpam-cgroup.
If you have any comment or update to the content, please contact the
original document maintainer directly. However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help. Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.
Chinese maintainer: 赵晶 anana53@qq.com
---------------------------------------------------------------------
Documentation/resource-control.txt 的中文翻译
如果想评论或更新本文的内容,请直接联系原文档的维护者。如果你使用英文
交流有困难的话,也可以向中文版维护者求助。如果本翻译更新不及时或者翻
译存在问题,请联系中文版维护者。
中文版维护者: 赵晶 anana53@qq.com
中文版翻译者: 赵晶 anana53@qq.com
中文版校译者: 赵晶 anana53@qq.com
以下为正文
---------------------------------------------------------------------
There are a lot of kinds of objects in the kernel that don't have
individual limits or that have limits that are ineffective when a set
of processes is allowed to switch user ids. With user namespaces
enabled in a kernel for people who don't trust their users or their
users programs to play nice this problems becomes more acute.
Therefore it is recommended that memory control groups be enabled in
kernels that enable user namespaces, and it is further recommended
that userspace configure memory control groups to limit how much
memory user's they don't trust to play nice can use.
Memory control groups can be configured by installing the libcgroup
package present on most distros editing /etc/cgrules.conf,
/etc/cgconfig.conf and setting up libpam-cgroup.
在内核中有很多各种各样的对象,他们没有
个体限制,或有当一组进程允许
切换用户ID时是无效的限制。随着用户空间
在内核中的启用,人们不信任他们的用户或他们
优先解决这个问题的用户程序,情况变得更加严重。
因此建议在内核中启用存储组,
使用户的命名空间可使用。并进一步建议
这个用户空间的配置存储器控制组设一个限制,多少
内存时,用户会不信任优先级可以使用。
存储器控制组可以通过安装libcgroup
目前大多数发行版/etc/cgrules.conf,
/ cgconfig.conf包来配置和设置libpam-cgroup.
- Documentation/resource-control.txt
- Documentation\namespaces\resource-control.txt
- Documentation/namespaces/resource-control.txt
- Documentation/devicetree/bindings/resource-names.txt
- Documentation/devices.txt
- Documentation/sched-bwc.txt
- Documentation/timers/hpet.txt
- Documentation/input/cd32.txt
- Documentation/x86/pat.txt
- Documentation/filesystems/xip.txt
- Documentation/zorro.txt
- Documentation-spiep93xx-spi.txt
- Documentation/dvb/readme.txt
- Documentation-spi-pxa2xx.txt
- Documentation/io-mapping.txt
- Documentation/xtensa/mmu.txt
- Documentation/usb/anchors.txt
- Documentation/basic_profiling.txt
- Oracle中用exp/imp命令快速导入导出数据
- Android拍照和取相册并裁切
- Macintosh HFSPlus Filesystem for Linux
- Button
- laravel 实现 模块式开发
- Documentation/resource-control.txt
- 2.21 Adding Buttons to the User Interface with UIButton
- 在 Visual Studio 2010 中创建 ASP.Net Web Service
- JAVA学习第二天笔记
- 韩顺平网页第二十四讲,二十五讲,二十六讲
- [原]在MAC里启动和停止的MySQL和PostgreSQL的的指令
- 做人那点儿事
- 解决pear使用时出现 PHP_PEAR_INSTALL_DIR is not set correctly.
- jQuery插件之表格排序(转后完善)