Date:      Thu, 9 Nov 2023 09:09:00 +0100
From:      Robert Clausecker <fuz@fuz.su>
To:        Alexander Leidinger <Alexander@leidinger.net>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: Any particular reason we don't have sshd oomprotected by default?
Message-ID:  <ZUyTnDAJ3HOppG8h@fuz.su>
In-Reply-To: <8b9484ba83e373ece0e322e14c924da6@Leidinger.net>
References:  <8b9484ba83e373ece0e322e14c924da6@Leidinger.net>

Hi Alexander,

I encountered the same issue a while ago, leaving my system in a
vegetative state.  I would propose to add syslogd and cron to the
list.  Syslogd because when it dies and you don't notice, you may go for
a long time without syslogs, cron because a dead cron means no
housekeeping tasks happen, including some which the administrator may
have intended to fix an issue causing an OOM condition (e.g.
periodically restarting services with known memory leaks or cleaning
tmpfs-based file systems).

Yours,
Robert Clausecker

On Thu, Nov 09, 2023 at 08:54:22AM +0100, Alexander Leidinger wrote:
> Hi,
> 
> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is there a
> particular reason we don't have sshd protected the same way?
> 
> Any objections if I would commit such a change (sshd_oomprotect=YES in
> defaults/rc.conf)?
> 
> I was also thinking about which other daemon we should protect by default,
> but apart from the need to make sure important logs are written to find
> issues which may have caused the oom trigger, and the need to be able to
> login to such a troubled system, I didn't see any other service as such
> critical (we could argue about ntpd, but I tend to be on the "may be
> protected" (not for my use cases) and not to be on the "has to be protected"
> side) to include it in this proposal.
> 
> Bye,
> Alexander.
> 
> -- 
> http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF



-- 
()  ascii ribbon campaign - for an 8-bit clean world 
/\  - against html email  - against proprietary attachments


