svn commit: r244383 - head/etc
Robert Watson
rwatson at FreeBSD.org
Tue Dec 18 09:51:47 UTC 2012
On Tue, 18 Dec 2012, Robert Watson wrote:
>> Log:
>> - Set memorylocked limit to 64Kb for default login class.
>> This prevents unprivileged users to lock too much memory.
>> - Set memorylocked limit to 64Mb for daemon login class.
>> Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
>> startup, they are run from init(8) which uses daemon login class.
>> - Set memorylocked limit to unlimited for root login class.
>>
>> Suggested by: avg
>> Approved by: kib (mentor)
>> MFC after: 1 week
>
> I think you should not MFC this one quickly -- let's wait for it to shake out
> in the -CURRENT userbase for a few months to see what breaks. I wouldn't be
> surprised if a fair number of applications (both publicly available, and
> local at various FreeBSD-using shops) are implicitly depending on their not
> being limits to memorylocked by default. After an upgrade, they might find
> that their applications simply stop working for potentially hard-to-debug
> reasons.
>
> Or we might find no one notices -- but deferring an MFC will help give us a
> better sense of which outcome is more likely.
... or maybe this doesn't matter before your later sysctl commit?
Robert
>
> Robert
>
>>
>> Modified:
>> head/etc/login.conf
>>
>> Modified: head/etc/login.conf
>> ==============================================================================
>> --- head/etc/login.conf Tue Dec 18 07:26:55 2012 (r244382)
>> +++ head/etc/login.conf Tue Dec 18 07:27:50 2012 (r244383)
>> @@ -32,7 +32,7 @@ default:\
>> :cputime=unlimited:\
>> :datasize=unlimited:\
>> :stacksize=unlimited:\
>> - :memorylocked=unlimited:\
>> + :memorylocked=64K:\
>> :memoryuse=unlimited:\
>> :filesize=unlimited:\
>> :coredumpsize=unlimited:\
>> @@ -59,6 +59,7 @@ xuser:\
>> staff:\
>> :tc=default:
>> daemon:\
>> + :memorylocked=64M:\
>> :tc=default:
>> news:\
>> :tc=default:
>> @@ -72,6 +73,7 @@ dialer:\
>> # in preference to 'default'.
>> root:\
>> :ignorenologin:\
>> + :memorylocked=unlimited:\
>> :tc=default:
>>
>> #
>>
>
More information about the svn-src-head
mailing list