Allow small amount of memory be mlock()'ed by unprivileged
process?
Bryan Drewery
bryan at shatow.net
Fri Jun 1 15:41:22 UTC 2012
On 5/31/2012 8:40 PM, Doug Barton wrote:
> On 5/31/2012 5:23 AM, Andriy Gapon wrote:
>> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
>> both user and kernel sides.
>> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
>> default configuration. And this privilege kind of defeats the limit.
>>
>> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
>> small/safe value for ordinary users?
>
> I like this idea, but someone else in the thread (sorry, don't have it
> handy) brought up the point that we don't want the aggregate of per-user
> limits to be able to bring down the system either. So the right solution
> would seem to be a reasonable per-user limit, and a cap on the maximum
> total amount of locked pages for all unprivileged users, probably based
> on some percentage of total available memory?
>
> Doug
>
I like this approach. A per-user ulimit, and a global max sysctl that
can be overridden, but by default based on a percentage of available memory.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20120601/1b851bc4/signature.pgp
More information about the freebsd-arch
mailing list