Subject: userid partitioned swap spaces.
To: None <tech-kern@netbsd.org>
From: Todd Whitesel <toddpw@best.com>
List: tech-kern
Date: 12/15/1998 00:03:26
This is a random idea I came up with while trying to imagine a solution to
fork-bombs. It's like extending the "joe user mount point" idea to swap.

Suppose that swap files can be added by any user provided they are the
same user or group as the file (and have write access), and that the
execute modes of the file control who may allocate pages from that file.
Define a swap partition to be a swap file whose owner is root.staff and
whose mode is 111, unless changed by mount_swap options.

If a process needs swap, then user access is tested for all swap files, then
group access, then other access. The first swap file that allows access is
used to obtain the new page. Changes in permissions do not affect pages after
they have been allocated. A swap file can be decommissioned by removing all
execute permission, waiting for all processes using its pages to exit, and
then issuing a kernel call to 'unmount' it.

This makes it easy for sysadmins to force users to spend parts of their
quota on swap space, so memory use of a fork-bomb is limited to the user
who set it off. (There's still a load-average and process-table overflow
issue, but you know, maybe the process tables could be per-user and come
out of the user's private swap as well. This would force a 16:16 split in
the PID field of course -- are PIDs signed or unsigned shorts??)

Todd Whitesel
toddpw @ best.com
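The selection rule in the post (user access tested across every swap file, then group, then other; first file that grants access wins; permission changes never touch pages already handed out; unmount only after execute bits are gone and the pages have drained) is concrete enough to model. The C below is an added example, not code from the post or from NetBSD. Everything in it is hypothetical: swapfile_t, cred_t, swap_choose(), swap_alloc_page(), swap_release_page(), swap_decommission() and swap_unmount() are made-up names, the table of swap files is constructed, and page counts stand in for real free-list bookkeeping. One behaviour the post leaves open is what happens when the file that grants access is full; this model fails the allocation rather than falling through to a later pass, which is the reading under which a fork-bomb stays confined to its owner's swap.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#define MAX_GROUPS 16

/* One mounted swap file (hypothetical model).  Only the execute bits of
 * mode are consulted; page counters stand in for real bookkeeping. */
typedef struct {
    const char   *path;
    uid_t         owner;
    gid_t         group;
    mode_t        mode;
    unsigned long free_pages;
    unsigned long used_pages;   /* handed out and not yet released */
    int           unmounted;
} swapfile_t;

/* Credentials of the process asking for a page. */
typedef struct {
    uid_t uid;
    gid_t groups[MAX_GROUPS];
    int   ngroups;
} cred_t;

static int in_group(const cred_t *c, gid_t g)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return 1;
    return 0;
}

/* Does c pass access class cls (0 = user, 1 = group, 2 = other) on sf?
 * This is the execute-bit check from the post. */
static int class_allows(const swapfile_t *sf, const cred_t *c, int cls)
{
    switch (cls) {
    case 0:  return sf->owner == c->uid && (sf->mode & S_IXUSR);
    case 1:  return in_group(c, sf->group) && (sf->mode & S_IXGRP);
    default: return (sf->mode & S_IXOTH) != 0;
    }
}

/* Three passes over the whole table: user access for every file, then
 * group, then other.  The first file that grants access is used. */
static swapfile_t *swap_choose(swapfile_t *tab, int n, const cred_t *c)
{
    for (int cls = 0; cls < 3; cls++)
        for (int i = 0; i < n; i++)
            if (!tab[i].unmounted && class_allows(&tab[i], c, cls))
                return &tab[i];
    return NULL;
}

/* Allocate one page: 0 and the source path via *from on success, -1 when
 * no file grants access or the chosen file is full (assumption: a full
 * file does not fall through to the next pass). */
static int swap_alloc_page(swapfile_t *tab, int n, const cred_t *c,
                           const char **from)
{
    swapfile_t *sf = swap_choose(tab, n, c);
    if (sf == NULL || sf->free_pages == 0)
        return -1;
    sf->free_pages--;
    sf->used_pages++;
    if (from)
        *from = sf->path;
    return 0;
}

/* A page goes back to the file it came from; the file's current mode is
 * not consulted, so later permission changes cannot strand it. */
static void swap_release_page(swapfile_t *sf)
{
    sf->used_pages--;
    sf->free_pages++;
}

/* Decommission step 1: strip every execute bit so no new pages are
 * handed out.  Pages already allocated stay where they are. */
static void swap_decommission(swapfile_t *sf)
{
    sf->mode &= ~(mode_t)(S_IXUSR | S_IXGRP | S_IXOTH);
}

/* Decommission step 3: 'unmount' refuses while the file is still
 * allocatable or still holds live pages. */
static int swap_unmount(swapfile_t *sf)
{
    if (sf->mode & (S_IXUSR | S_IXGRP | S_IXOTH))
        return -1;
    if (sf->used_pages != 0)
        return -1;
    sf->unmounted = 1;
    return 0;
}

int main(void)
{
    /* Constructed table: a root.staff "partition" with mode 111 and a
     * two-page private file that only uid 1000 may draw from. */
    swapfile_t tab[] = {
        { "/var/swap0",       0,    20,   0111, 64, 0, 0 },
        { "/home/alice/swap", 1000, 1000, 0100, 2,  0, 0 },
    };
    cred_t alice = { 1000, { 1000 }, 1 };
    const char *from = "(none)";
    for (int i = 0; i < 3; i++) {
        int rc = swap_alloc_page(tab, 2, &alice, &from);
        printf("alloc %d: rc=%d from=%s\n", i, rc, rc == 0 ? from : "(none)");
    }
    return 0;
}
```

The stand-alone run shows uid 1000 drawing two pages from its own file and then failing on the third even though the public file has room, which is the confinement property the post is after. A user without a private file lands on the root.staff file through the "other" pass; once that file is decommissioned, new requests from that user fail, and the unmount only succeeds after the live page is released.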