user- vs kernel-level resource sandbox for Linux?

[Marek Habersack]

Hello,

  I am looking for advice on how to limit resource (memory in particular)
usage on a linux machine (running either kernel v2.4 or2.6) on the per-user
(vs per-process) basis. I am aware that I could use Xen or UML for that
purpose, but I am wondering whether anybody knows any solution that can
implement that entirely in the userland (e.g. a monitor application that
intercepts system calls responsible for resource allocation and controls the
memory usage that way). My problem is apache which spawns a certain process
on which sometimes runs away and causes the kernel to kill apache, the
offending process and cause all fork(2) attempts to fail (which effectively
disables ssh). I've tried limiting resources on the apache startup, but that
isn't of much help since each apache process will get the same resources and
it's enough that several of them allocate too much memory at the same time
and the effect is as described above. I've also played with overcommit on
the 2.6 kernel in hope that it will stop the process from allocating
excessive amounts of memory, but it wasn't of much help either, alas...
  I would appreciate any pointers to the userland solutions for that problem
(if any exist) before I resort to Xen/UML.

  thanks in advance,

marek

Attachment: signature.asc
Description: Digital signature