From owner-freebsd-arch@FreeBSD.ORG  Sat Jun  2 00:11:29 2012
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id BE66B106564A;
	Sat,  2 Jun 2012 00:11:29 +0000 (UTC)
	(envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
	by mx1.freebsd.org (Postfix) with ESMTP id 4D5FF8FC24;
	Sat,  2 Jun 2012 00:11:26 +0000 (UTC)
Received: from JRE-MBP-2.local (c-67-180-24-15.hsd1.ca.comcast.net
	[67.180.24.15]) (authenticated bits=0)
	by vps1.elischer.org (8.14.5/8.14.5) with ESMTP id q520B1QL038993
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Fri, 1 Jun 2012 17:11:03 -0700 (PDT)
	(envelope-from julian@freebsd.org)
Message-ID: <4FC95A10.7000806@freebsd.org>
Date: Fri, 01 Jun 2012 17:10:56 -0700
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Bryan Drewery <bryan@shatow.net>
References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no>
	<CAJ-VmokY+pgcq999NHShbq-3rK3=oeWT2WY7NmTvVdXOHZJhdg@mail.gmail.com>
	<CAF6rxgmDW21aPJ5Mp6Tbk1z02ivw4UPhSaNEX+Wiu7O0v13skA@mail.gmail.com>
	<20120517055425.GA802@infradead.org>
	<4FC762DD.90101@FreeBSD.org> <4FC81D9C.2080801@FreeBSD.org>
	<4FC8E29F.2010806@shatow.net>
In-Reply-To: <4FC8E29F.2010806@shatow.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@freebsd.org,
	Adrian Chadd <adrian@freebsd.org>,
	Doug Barton <dougb@freebsd.org>, d@delphij.net,
	Andriy Gapon <avg@freebsd.org>,
	Eitan Adler <lists@eitanadler.com>, freebsd-arch@freebsd.org,
	rgrav <des@des.no>
Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged
	process?
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 00:11:29 -0000

On 6/1/12 8:41 AM, Bryan Drewery wrote:
> On 5/31/2012 8:40 PM, Doug Barton wrote:
>> On 5/31/2012 5:23 AM, Andriy Gapon wrote:
>>> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
>>> both user and kernel sides.
>>> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
>>> default configuration.  And this privilege kind of defeats the limit.
>>>
>>> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
>>> small/safe value for ordinary users?
>> I like this idea, but someone else in the thread (sorry, don't have it
>> handy) brought up the point that we don't want the aggregate of per-user
>> limits to be able to bring down the system either. So the right solution
>> would seem to be a reasonable per-user limit, and a cap on the maximum
>> total amount of locked pages for all unprivileged users, probably based
>> on some percentage of total available memory?
>>
>> Doug
>>
> I like this approach. A per-user ulimit, and a global max sysctl that
> can be overridden, but by default based on a percentage of available memory.

I'd go a different route.
I'd have it inherited, and I'd have the value be 0 by default, but 
settable to
some different value at login.conf, or by an ancestor with root privs.