# mitigating the risk of jailed fork bombs, in 3 steps:
#
# example of the important lines for login.conf,
# check this article out for more good information:
# http://www.samag.com/documents/s=1151/sam0105d/0105d.htm
#
# 

#########
# STEP 1)
# Edit default values in your jail, /etc/login.conf file: 

# defaults for FreeBSD (and in your jail!)
default:\
:maxproc=unlimited:\
:vmemoryuse=unlimited:\

# example of restricted values:
default:\
:maxproc=30:\
:memoryuse=25M:\

#########
# STEP 2)
# Make sure you have immutable flags set on jailed /etc/login.conf, example:

chflags schg $D/etc/login.conf

#########
# STEP 3)
# Set a higher securelevel on a per-jail basis (new for 5.x onward! yay!),
# add the following line to the jailed /etc/sysctl.conf

kern.securelevel=1  # securelevel 1 is minimum, reccommended 2 for completeness

# read the man page for securelevel for more information
