Allow small amount of memory be mlock()'ed by unprivileged
process?
Julian Elischer
julian at freebsd.org
Sat Jun 2 00:11:29 UTC 2012
On 6/1/12 8:41 AM, Bryan Drewery wrote:
> On 5/31/2012 8:40 PM, Doug Barton wrote:
>> On 5/31/2012 5:23 AM, Andriy Gapon wrote:
>>> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
>>> both user and kernel sides.
>>> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
>>> default configuration. And this privilege kind of defeats the limit.
>>>
>>> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
>>> small/safe value for ordinary users?
>> I like this idea, but someone else in the thread (sorry, don't have it
>> handy) brought up the point that we don't want the aggregate of per-user
>> limits to be able to bring down the system either. So the right solution
>> would seem to be a reasonable per-user limit, and a cap on the maximum
>> total amount of locked pages for all unprivileged users, probably based
>> on some percentage of total available memory?
>>
>> Doug
>>
> I like this approach. A per-user ulimit, and a global max sysctl that
> can be overridden, but by default based on a percentage of available memory.
I'd go a different route.
I'd have it inherited, and I'd have the value be 0 by default, but
settable to
some different value at login.conf, or by an ancestor with root privs.
More information about the freebsd-arch
mailing list