From owner-svn-src-head@FreeBSD.ORG Tue Dec 18 09:50:47 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BAD2E4E4; Tue, 18 Dec 2012 09:50:47 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 8D00A8FC14; Tue, 18 Dec 2012 09:50:47 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 1BB6046B06; Tue, 18 Dec 2012 04:50:47 -0500 (EST) Date: Tue, 18 Dec 2012 09:50:46 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Andrey Zonov Subject: Re: svn commit: r244383 - head/etc In-Reply-To: <201212180727.qBI7Rp0t084371@svn.freebsd.org> Message-ID: References: <201212180727.qBI7Rp0t084371@svn.freebsd.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Dec 2012 09:50:47 -0000 On Tue, 18 Dec 2012, Andrey Zonov wrote: > Author: zont > Date: Tue Dec 18 07:27:50 2012 > New Revision: 244383 > URL: http://svnweb.freebsd.org/changeset/base/244383 > > Log: > - Set memorylocked limit to 64Kb for default login class. > This prevents unprivileged users to lock too much memory. > - Set memorylocked limit to 64Mb for daemon login class. > Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on > startup, they are run from init(8) which uses daemon login class. > - Set memorylocked limit to unlimited for root login class. > > Suggested by: avg > Approved by: kib (mentor) > MFC after: 1 week I think you should not MFC this one quickly -- let's wait for it to shake out in the -CURRENT userbase for a few months to see what breaks. I wouldn't be surprised if a fair number of applications (both publicly available, and local at various FreeBSD-using shops) are implicitly depending on their not being limits to memorylocked by default. After an upgrade, they might find that their applications simply stop working for potentially hard-to-debug reasons. Or we might find no one notices -- but deferring an MFC will help give us a better sense of which outcome is more likely. Robert > > Modified: > head/etc/login.conf > > Modified: head/etc/login.conf > ============================================================================== > --- head/etc/login.conf Tue Dec 18 07:26:55 2012 (r244382) > +++ head/etc/login.conf Tue Dec 18 07:27:50 2012 (r244383) > @@ -32,7 +32,7 @@ default:\ > :cputime=unlimited:\ > :datasize=unlimited:\ > :stacksize=unlimited:\ > - :memorylocked=unlimited:\ > + :memorylocked=64K:\ > :memoryuse=unlimited:\ > :filesize=unlimited:\ > :coredumpsize=unlimited:\ > @@ -59,6 +59,7 @@ xuser:\ > staff:\ > :tc=default: > daemon:\ > + :memorylocked=64M:\ > :tc=default: > news:\ > :tc=default: > @@ -72,6 +73,7 @@ dialer:\ > # in preference to 'default'. > root:\ > :ignorenologin:\ > + :memorylocked=unlimited:\ > :tc=default: > > # >