[Dovecot] cgroup support
Emerson Pinter
epinter at picturecorp.com.br
Sun Jan 30 17:05:20 EET 2011
Have you tried post login scripts ?
On Sun, 30 Jan 2011 13:28:22 +0100, Andreas Pelme <andreas at pelme.se>
wrote:
> Hi,
>
> I am setting up a system that enforces cgroup restrictions when a user
> logs in via SSH, and for all the services that are run by a particular
> user.
>
> I am also running dovecot to give users IMAP/POP access to their
> mailboxes. However, to be part of a cgroup, PIDs must be explicitly
added
> to the cgroup tasks file. So for now, all my processes are run with
> resource restrictions, except for Dovecot processes.
>
> It would be really cool if dovecots child/worker processes could be
added
> the a cgroup in addition to the usual setuid/chroot protections that
> already exists. Adding a process to a cgroup is a matter of writing the
PID
> to the correct cgroup tasks file.
>
> If this were implemented as an extra field in userdb, it could be very
> powerful, and allow for all kinds of resource management/accounting of
> dovecot processes.
>
> This would obviously not be cross-platform, since cgroups are a feature
of
> the Linux kernel. Would that be a problem?
>
> Is support for cgroups something that could be considered for dovecot at
> all? Are there other ways to put dovecot processes in cgroups?
>
> I do not really have a patch or a plan for how everything would work out
> in detail. If this would be useful for dovecot, I would be happy to
start
> hacking on a patch.
>
> Cheers
> Andreas
--
Emerson Pinter
Picture Internet
+55 11 5089 8100
http://www.picture.com.br/
More information about the dovecot
mailing list