From owner-freebsd-hackers@freebsd.org Wed Jan 27 07:28:56 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB88AA6F281 for ; Wed, 27 Jan 2016 07:28:55 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7F2F11DCF; Wed, 27 Jan 2016 07:28:55 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: by mail-wm0-x22a.google.com with SMTP id 123so138306658wmz.0; Tue, 26 Jan 2016 23:28:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=GDocPPXAv2nwOF+m+AhT2b/3Ty1KESzrhHKngEuqD6c=; b=MDenLqt/DuEQvi8wM76LAnO6W4mcCLybRyt1QLY7wJCpROWrPbsbMd7pcQxI4oODUN kKAx2bqNHWp+T/AiqmnpWVb7tMko9iHEPCeVNZ3I98j0n6FaG9jo/vcYcrtW+NETP3/k LC6k9JX8wSOo83FdjwBpGHfUGARwykrBKY2C3aMaE7oEhIGKfH9DE7nc/CSjqdBu3g4U Y8iIJHj1dkjv9DDbHp6WhXZNZ4ruM/CLeokePfbPDdhr0Zhlz8iQxIic4bZ0VM+Zhaim tmi2vcMn/b4Gv11ZnFK5VORECPywHoD6H4YiAFV4CkwrEdhSaDwj4QtrRJHJa1kzjx2d VPqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=GDocPPXAv2nwOF+m+AhT2b/3Ty1KESzrhHKngEuqD6c=; b=mLtiSeJEtA/48V+2+nntatIxeVxHpkwjAb73kjjxoMSnwtNS0HD8bAkZpDp5dV3n9V qc6MVjRlcPDFLqU6qv/SY7sAk6/drDWZ8+6EVwVTmLXg8wrVPiDhnSSNL3XxEeM8S6S6 Z+mCoo550F8qWr36IGiXsHj3X3cN1m18nwOVQgsKUm9hajlqu36B71FegLOGkDz45A4d OYIKJ1y78v4r3zc/16HjRyJ0mH/jo8Ymtfjq6VOjHKRTx/KA+tN0qUD5ktd26ra4A0VP 9UvIOSZf848Yk8Y8a4e5RSqhBwalZwiu9l9NyygoO1JNO84l/vFKf71WryO1JZjtPPAv XNaA== X-Gm-Message-State: AG10YOT79pMHJz/3x2fOw0kW/t1NxIw0IrelJX1P51VTbrhL1+j0HSlGeEQk+lxEe9Opeg== X-Received: by 10.28.90.67 with SMTP id o64mr26947008wmb.38.1453879733598; Tue, 26 Jan 2016 23:28:53 -0800 (PST) Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1]) by smtp.gmail.com with ESMTPSA id z127sm6854749wme.2.2016.01.26.23.28.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Jan 2016 23:28:52 -0800 (PST) Sender: Baptiste Daroussin Date: Wed, 27 Jan 2016 08:28:50 +0100 From: Baptiste Daroussin To: Allan Jude Cc: freebsd-hackers@freebsd.org Subject: Re: syslogd(8) with OOM Killer protection Message-ID: <20160127072850.GG35911@ivaldir.etoilebsd.net> References: <56A86D91.3040709@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zGQnqpIoxlsbsOfg" Content-Disposition: inline In-Reply-To: <56A86D91.3040709@freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jan 2016 07:28:56 -0000 --zGQnqpIoxlsbsOfg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 27, 2016 at 02:11:13AM -0500, Allan Jude wrote: > On 2016-01-27 01:21, Marcelo Araujo wrote: > > Hi guys, > >=20 > > I would like to know your opinion about this REVIEW[1]. > > The basic idea is protect by default the syslogd(8) against been killed= by > > OOM with an option to disable the protection. > >=20 > > Some people like the idea, other people would prefer something more glo= bal > > where we can protect any daemon by the discretion of our choice. > >=20 > > Thoughts? > >=20 > >=20 > > [1] https://reviews.freebsd.org/D4973 > >=20 > >=20 > > Best, > >=20 >=20 > I do like the idea of generalizing it, say via rc.subr >=20 > So you can just do: >=20 > someapp_protect=3DYES (and maybe syslogd has this enabled by default in > /etc/defaults/rc.conf) and it prefixes the start command with protect -i. >=20 I do support that idea, I think it is will be useful to more people. Bapt --zGQnqpIoxlsbsOfg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWqHGyAAoJEGOJi9zxtz5a8CIP/iYPjERo7LRI9bYP7voFhAVK M1kRJ2Cu1nC47xLBZv4Nn5I4rYluh+yl2rNW51rNtQc2FsaB9thpbI+VjyLHrbcs X7s2bLRIPzK/y6Bf4aNdIrjDINcM+cHcEY4us5lGn8gupB9m1MTEyaaY1FibEAd0 PbW3ge27b4znieGsftUT4sHPnTqEuErVoLZtJ6tdQoSvcmWBbNq8enEUf0CEb5L4 NDS59e7XWvsf2GCItLKnWN0bzo9ifhej0u87yl4fx7duSAWy5IBZWP4Q+m/B0rTd +04S8JkTJWSpHFfZdBZnQQx1oov/YVeKpxBN4mNrkFbrxGT3+NBqJmngyJNt5HRY NalYqZfs3NW/BeBcoHR0FjRvWdkIK7lSC5HQZhH4Y7ZqKo//UeWI9w4lNgV+hiA4 byYAJH38bW37eMQpVUi5+adDgCB0VWYAbghQEYVi+e5NFfNT5dAXT+gA5sJcmH39 sFe6Ru/QOPzQJFGeHEZ1Lu+S4NklQ9jhQ/EpJOCQ3y/JjF6NXg1pC4DvQECRgU/y YCiByGTQ9MgaTqhN3McaHpGxGN2yGidM3rdXSUoJPW87Ot+CfvBGakCvn2V3AGsW 4BD4rjlfzTZJxqfYEIislNK8RZdok3S4q1KW2mUWd10UostQlJzKUaCKW873C827 nS5nxTGSkPPNnmUwgYaT =nLr1 -----END PGP SIGNATURE----- --zGQnqpIoxlsbsOfg--