mlock(2) for ordinary users
Kostik Belousov
kostikbel at gmail.com
Sun Jul 23 06:19:40 UTC 2006
On Sun, Jul 23, 2006 at 09:55:28AM +1000, Peter Jeremy wrote:
> On Sat, 2006-Jul-22 18:16:31 +0300, Kostik Belousov wrote:
> >On Sat, Jul 22, 2006 at 03:52:37PM +0100, Robert Watson wrote:
> >As consequence, allowing mlock() for non-root users actually allow such
> >user to allocate value-of(RLIMIT_MEMLOCK) * value-of(RLIMIT_NPROC).
>
> This is no different to the other per-process resource limits. On a
> stock FreeBSD system, I can reach the system-wide FD limit with two
> user processes. I can't see that having several processes each
> locking RLIMIT_MEMLOCK pages provides any real benefit to the user
> so this is really just another DoS vector.
>
> >In fact, I had to make the answers to the asked questions when I
> >implemented the per-user swap limits.
>
> I didn't realise this existed. How do you control per-user swap? I
> can't find any reference to this in either login.conf or setrlimit(2).
This is not in the tree. See
http://people.freebsd.org/~kib/overcommit/index.html
I would be more than happy if this stuff becomes useful for at least
one purpose.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20060723/da1ec939/attachment.pgp
More information about the freebsd-arch
mailing list