我刚刚意识到我的系统没有正确限制每个用户的进程数量,因此不会阻止用户进行分叉炸弹并使整个系统崩溃:
user@thebe:~$ cat /etc/security/limits.conf | grep user
user hard nproc 512
user@thebe:~$ ulimit -u
1024
user@thebe:~$ :(){ :|:& };:
[1] 2559
user@thebe:~$ ht-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
...
Connection to thebe closed by remote host.
这是一个错误还是为什么它忽略了限制limits.conf,为什么不应用ulimit -n声称的限制?
PS:我真的不认为在进程限制之前达到内存限制。这台机器有 8GB 内存,当我扔下叉形炸弹时,它只使用了 4%。 …