From owner-freebsd-arch@FreeBSD.ORG  Sat Jun  2 11:03:51 2012
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 27D56106576A;
	Sat,  2 Jun 2012 11:03:51 +0000 (UTC) (envelope-from avg@FreeBSD.org)
Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140])
	by mx1.freebsd.org (Postfix) with ESMTP id 0A3038FC16;
	Sat,  2 Jun 2012 11:03:46 +0000 (UTC)
Received: from porto.starpoint.kiev.ua (porto-e.starpoint.kiev.ua
	[212.40.38.100])
	by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id OAA23522;
	Sat, 02 Jun 2012 14:03:44 +0300 (EEST)
	(envelope-from avg@FreeBSD.org)
Received: from localhost ([127.0.0.1])
	by porto.starpoint.kiev.ua with esmtp (Exim 4.34 (FreeBSD))
	id 1Sam7U-000ILr-Bu; Sat, 02 Jun 2012 14:03:44 +0300
Message-ID: <4FC9F30E.4030205@FreeBSD.org>
Date: Sat, 02 Jun 2012 14:03:42 +0300
From: Andriy Gapon <avg@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:12.0) Gecko/20120503 Thunderbird/12.0.1
MIME-Version: 1.0
To: Doug Barton <dougb@FreeBSD.org>
References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no>
	<CAJ-VmokY+pgcq999NHShbq-3rK3=oeWT2WY7NmTvVdXOHZJhdg@mail.gmail.com>
	<CAF6rxgmDW21aPJ5Mp6Tbk1z02ivw4UPhSaNEX+Wiu7O0v13skA@mail.gmail.com>
	<20120517055425.GA802@infradead.org>
	<4FC762DD.90101@FreeBSD.org> <4FC81D9C.2080801@FreeBSD.org>
In-Reply-To: <4FC81D9C.2080801@FreeBSD.org>
X-Enigmail-Version: 1.5pre
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@FreeBSD.org,
	Adrian Chadd <adrian@FreeBSD.org>, d@delphij.net,
	Eitan Adler <lists@eitanadler.com>, freebsd-arch@FreeBSD.org,
	rgrav <des@des.no>
Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged
	process?
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 11:03:51 -0000

on 01/06/2012 04:40 Doug Barton said the following:
> On 5/31/2012 5:23 AM, Andriy Gapon wrote:
>> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
>> both user and kernel sides.
>> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
>> default configuration.  And this privilege kind of defeats the limit.
>>
>> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
>> small/safe value for ordinary users?
> 
> I like this idea, but someone else in the thread (sorry, don't have it
> handy) brought up the point that we don't want the aggregate of per-user
> limits to be able to bring down the system either.


The unprivileged users can not spawn any new users on their own and there is a
limit on number of processes per user, so a system administrator should be able
to plan resource limits based on system capacity and utilization.

> So the right solution
> would seem to be a reasonable per-user limit, and a cap on the maximum
> total amount of locked pages for all unprivileged users, probably based
> on some percentage of total available memory?

I would agree for a default limit of zero even.  As long as I (as a system
administrator) am able to increase it for selected users and groups.

-- 
Andriy Gapon