Skip to content

Instantly share code, notes, and snippets.

@igalic
Last active October 5, 2018 20:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save igalic/c1b7ed3420107f061dfb40f3fb62d154 to your computer and use it in GitHub Desktop.
Save igalic/c1b7ed3420107f061dfb40f3fb62d154 to your computer and use it in GitHub Desktop.
newproperty(:rlimits) do
desc <<-EOM
A Hash of rlimits for this jail
Example:
jail { xforkb:
ensure => present,
rlimits => { nproc => {action => deny, amount => 50}}
}
This creates a jail that makes it impossible to fork-bomb, since we
will not allow to spawn more than 50 processes (nproc)
EOM
end
jail { "j01":
ensure => present,
boot => yes,
rlimits => {
'maxproc' => { action => sigkill, amount => 50},
'vmemoryuse' => { action => deny, amount => 128M },
},
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment