git: cb57f50e6404 - main - defaults: oomprotect sshd and local_unbound
Date: Mon, 13 Nov 2023 08:50:14 UTC
The branch main has been updated by netchild:
URL: https://cgit.FreeBSD.org/src/commit/?id=cb57f50e6404389e4314025caea487d63ddf0ee4
commit cb57f50e6404389e4314025caea487d63ddf0ee4
Author: Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2023-11-13 08:48:51 +0000
Commit: Alexander Leidinger <netchild@FreeBSD.org>
CommitDate: 2023-11-13 08:48:51 +0000
defaults: oomprotect sshd and local_unbound
Add sshd and local_unbound to the oom protected services. syslogd is protected by default already, document it. This was discussed on arch@, see https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html sshd is protected to be able to investigate and fix oom issues on systems which don't have out-of-band console access. local_unbound is protected as it may be enabled for local use and without DNS a lot grinds to a halt (including sshd).
Relnotes: yes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D42544
---
 libexec/rc/rc.conf | 2 ++
 share/man/man5/rc.conf.5 | 20 +++++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 26e189953044..3269288728b6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -318,6 +318,7 @@ ggated_config="/etc/gg.exports" # ggated(8) exports file.
 ggated_flags="" # Extra parameters like which port to bind to.
 ctld_enable="NO" # CAM Target Layer / iSCSI target daemon.
 local_unbound_enable="NO" # Local caching DNS resolver
+local_unbound_oomprotect="YES" # Don't kill local_unbound when swap space is exhausted.
 local_unbound_tls="NO" # Use DNS over TLS
 blacklistd_enable="NO" # Run blacklistd daemon (YES/NO).
 blacklistd_flags="" # Optional flags for blacklistd(8).
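Review bot: The comment added on `local_unbound_oomprotect` does not say which values the knob accepts, unlike the neighbouring `blacklistd_enable` line that spells out `(YES/NO)`, so an administrator reading the defaults file cannot tell how to opt out or widen the protection. Assuming the generic `<name>_oomprotect` handling described in rc.conf(5) is what consumes it, I would write `# Don't kill local_unbound when swap space is exhausted (YES/NO/ALL).`; the same applies to the `sshd_oomprotect` line in the next hunk. It is also worth a sentence in rc.conf.5 that a protected resolver is never reclaimed even when its own memory use is what exhausts swap, so other processes are chosen instead and bounding the resolver's cache becomes more important with this default.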
@@ -364,6 +365,7 @@ pppoed_provider="*" # Provider and ppp(8) config file entry.
 pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
 pppoed_interface="em0" # The interface that pppoed runs on.
 sshd_enable="NO" # Enable sshd
+sshd_oomprotect="YES" # Don't kill sshd when swap space is exhausted.
 sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
 sshd_flags="" # Additional flags for sshd.
 ftpd_enable="NO" # Enable stand-alone ftpd.
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index a76cb1a04e0a..ad84bcbd576c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 18, 2023
+.Dd November 13, 2023
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -2318,6 +2318,12 @@ If set to
 run the
 .Xr syslogd 8
 daemon.
+Note, the
+.Va syslogd_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va syslogd_program
 .Pq Vt str
 Path to
@@ -2381,6 +2387,12 @@ If set to
 run the
 .Xr unbound 8
 daemon as a local caching DNS resolver.
+Note, the
+.Va local_unbound_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va nscd_enable
 .Pq Vt bool
 Set to
@@ -3840,6 +3852,12 @@ Set to
 to start
 .Xr sshd 8
 at system boot time.
+Note, the
+.Va sshd_oomprotect
+variable is set to
+.Dq Li YES
+by default in
+.Pa /etc/defaults/rc.conf .
 .It Va sshd_flags
 .Pq Vt str
 If
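Review bot: `sshd_oomprotect="YES"` probably shields only the listening sshd process and not the per-connection processes it forks, if the generic `<name>_oomprotect` handling applies here as rc.conf(5) describes it (`ALL` being the value that also covers children). That keeps new logins possible after an out-of-memory event, which is the goal stated in the commit message, but a session that is already open can still be killed. The comment should say so, for example `# Don't kill the sshd listener when swap space is exhausted (YES/NO/ALL).`, and the note added to rc.conf.5 for `sshd_enable` could carry the same caveat. `ALL` looks like a poor default here because the protection would presumably extend to everything started from a login shell, so keeping `YES` and documenting the limit seems the safer choice.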