Recently I've been digging up information about processes in GNU/Linux and I met the infamous fork bomb :
:(){ : | :& }; :
Theoretically, it is supposed to duplicate itself infinitely until the system runs out of resources...
However, I've tried testing both on a CLI Debian and a GUI Mint distro, and it doesn't seem to impact much the system. Yes there are tons of processes that are created, and after a while I read in console messages like :
bash: fork: Resource temporarily unavailable
bash: fork: retry: No child processes
But after some time, all the processes just get killed and everything goes back to normal. I've read that the ulimit set a maximum amount of process per user, but I can't seem to be able to raise it really far.
What are the system protections against a fork-bomb? Why doesn't it replicate itself until everything freezes or at least lags a lot? Is there a way to really crash a system with a fork bomb?
You probably have a Linux distro that uses systemd.
Systemd creates a cgroup for each user, and all processes of a user belong to the same cgroup.
Cgroups is a Linux mechanism to set limits on system resources like max number of processes, CPU cycles, RAM usage, etc. This is a different, more modern, layer of resource limiting than ulimit
(which uses the getrlimit()
syscall).
If you run systemctl status user-<uid>.slice
(which represents the user's cgroup), you can see the current and maximum number of tasks (processes and threads) that is allowed within that cgroup.
$ systemctl status user-$UID.slice ● user-22001.slice - User Slice of UID 22001 Loaded: loaded Drop-In: /usr/lib/systemd/system/user-.slice.d └─10-defaults.conf Active: active since Mon 2018-09-10 17:36:35 EEST; 1 weeks 3 days ago Tasks: 17 (limit: 10267) Memory: 616.7M
By default, the maximum number of tasks that systemd will allow for each user is 33% of the "system-wide maximum" (sysctl kernel.threads-max
); this usually amounts to ~10,000 tasks. If you want to change this limit:
In systemd v239 and later, the user default is set via TasksMax= in:
/usr/lib/systemd/system/user-.slice.d/10-defaults.conf
To adjust the limit for a specific user (which will be applied immediately as well as stored in /etc/systemd/system.control), run:
systemctl [--runtime] set-property user-<uid>.slice TasksMax=<value>
The usual mechanisms of overriding a unit's settings (such as systemctl edit
) can be used here as well, but they will require a reboot. For example, if you want to change the limit for every user, you could create /etc/systemd/system/user-.slice.d/15-limits.conf
.
In systemd v238 and earlier, the user default is set via UserTasksMax= in /etc/systemd/logind.conf
. Changing the value generally requires a reboot.
More info about this:
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加