Intel Corporation
COMPUTING SYSTEM RESOURCE USAGE ACCOUNTING AND USAGE LIMIT ENFORCEMENT

Abstract:

Resource access control modules that are part of an operating system kernel and data structures visible in both user space and kernel space provide for user space-based configuration of computing system resource limits, accounting of resource usage, and enforcement of resource usage limits. Computing system resource limits can be set on an application, customer, or other basis, and usage limits can be placed on various system resources, such as files, ports, I/O devices, memory, and processing unit bandwidth. Resource usage accounting and resource limit enforcement can be implemented without the use of in-kernel control groups. The resource access control modules can be extended Berkeley Program Format (eBPF) Linux Security Module (LSM) programs linked to LSM hooks in the Linux operation system kernel.