Allow small amount of memory be mlock()'ed by unprivileged
process?
Doug Barton
dougb at FreeBSD.org
Fri Jun 1 01:46:10 UTC 2012
On 5/31/2012 5:23 AM, Andriy Gapon wrote:
> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
> both user and kernel sides.
> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
> default configuration. And this privilege kind of defeats the limit.
>
> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
> small/safe value for ordinary users?
I like this idea, but someone else in the thread (sorry, don't have it
handy) brought up the point that we don't want the aggregate of per-user
limits to be able to bring down the system either. So the right solution
would seem to be a reasonable per-user limit, and a cap on the maximum
total amount of locked pages for all unprivileged users, probably based
on some percentage of total available memory?
Doug
--
This .signature sanitized for your protection
More information about the freebsd-arch
mailing list