To: Marcel Moolenaar
Cc: David Schultz, Garance A Drosihn, Dan Nelson, Wes Peters, freebsd-arch@FreeBSD.ORG
Subject: Re: Patch to protect process from pageout killing
From: "Poul-Henning Kamp"
In-Reply-To: Your message of "Tue, 25 Mar 2003 00:42:47 PST." <20030325084247.GA17195@dhcp01.pn.xcllnt.net>
Date: Tue, 25 Mar 2003 09:48:33 +0100
Message-ID: <14594.1048582113@critter.freebsd.dk>

In message <20030325084247.GA17195@dhcp01.pn.xcllnt.net>, Marcel Moolenaar writes:
>> To tackle them from behind:
>>
>> Wes has a proposal for #3 which is a per-process flag which says
>> "I'm sacred". I think that is a sound principle since that is
>> usually exactly what people want: Do Not Kill This Process.
>>
>> Certain processes already enjoy special protection, pid==1 most
>> notably, this would just be a way to make the same protection
>> available to other processes. I'm not happy about using the
>> resourcelimit code for booleans, and I don't think the flag
>> should be inherited, but otherwise I'm for the idea.
>
>JFYI: On ia64 there are 12 bits in the ELF header reserved for OS
>specific flags. A very natural way to flag a process as being sacred
>is by flagging the ELF executable. You could use brandelf for that.

Many years ago, we had a local hack so you could specify the nice(2) that a given program would be executed at (relative to the parent process) in the a.out file. This allowed us to keep games open during the day because we could argue that running at -20 they used only resources not otherwise claimed.

Other operating systems have much more expressive facilities for putting attributes on a program. In some cases this is being held strongly against them.

I think, but am not sure, that we can now introduce practically any policy we might like with MAC. (NB: deliberate rwatson-trigger)

How the flags/attributes get to be set on the wanted subset of processes is by no means uninteresting, but until something pays attention to the flag...

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.