From: Wes Peters
Organization: Softweyr.com
To: "Poul-Henning Kamp", Marcel Moolenaar
Date: Thu, 27 Mar 2003 18:12:13 -0800
cc: David Schultz
cc: freebsd-arch@FreeBSD.ORG
Subject: Re: Patch to protect process from pageout killing

On Tuesday 25 March 2003 00:48, Poul-Henning Kamp wrote:
> In message <20030325084247.GA17195@dhcp01.pn.xcllnt.net>, Marcel
> Moolenaar writes:
> >> To tackle them from behind:
> >>
> >> Wes has a proposal for #3 which is a per-process flag which says
> >> "I'm sacred". I think that is a sound principle since that is
> >> usually exactly what people want: Do Not Kill This Process.
> >>
> >> Certain processes already enjoy special protection, pid==1 most
> >> notably, this would just be a way to make the same protection
> >> available to other processes. I'm not happy about using the
> >> resourcelimit code for booleans, and I don't think the flag
> >> should be inherited, but otherwise I'm for the idea.
> >
> >JFYI: On ia64 there are 12 bits in the ELF header reserved for OS
> >specific flags. A very natural way to flag a process as being sacred
> >is by flagging the ELF executable. You could use brandelf for that.
>
> Many years ago, we had a local hack so you could specify the nice(2)
> that a given program would be executed at (relative to the parent
> process) in the a.out file. This allowed us to keep games open
> during the day because we could argue that running at -20 they used
> only resources not otherwise claimed.
>
> Other operating systems have much more expressive facilities for
> putting attributes on a program. In some cases this is being held
> strongly against them.

You could easily implement this with an ELF executable by adding
"note" section(s) containing the attributes in a format understood
by your loader or linker. A hackup of brandelf could modify the
binaries in well-specified ways. You could also do this with
extended attributes on the executable/library files.

> I think, but am not sure, that we can now introduce practically any
> policy we might like with MAC. (NB: deliberate rwatson-trigger)
>
> How the flags/attributes get to be set on the wanted subset of
> processes is by no means uninteresting, but until something pays
> attention to the flag...

Working on it.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                    wes@softweyr.com
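
The ELF "note" approach suggested in the reply above, shown as an added example that is not code from this thread or from FreeBSD: a loader-side walk over a note section that looks for a per-executable attribute word and bounds-checks every size read from the file. The vendor name `ExampleOS`, the note type `0x100` and the `ATTR_FLAG_SACRED` bit are hypothetical, and the sample section is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names: no real OS defines this vendor string or note type. */
#define ATTR_VENDOR       "ExampleOS"
#define ATTR_NT_PROCFLAGS 0x100u
#define ATTR_FLAG_SACRED  0x1u
#define ALIGN4(x) (((size_t)(x) + 3u) & ~(size_t)3u)
/* Standard ELF note header; name and desc follow, each padded to 4 bytes. */
struct nhdr { uint32_t n_namesz, n_descsz, n_type; };

/* Constructed sample note section: an unrelated note, then the attribute note. */
static const struct {
    struct nhdr h1; char n1[8]; char d1[8];
    struct nhdr h2; char n2[12]; uint32_t d2;
} sample = { { 6, 5, 1 }, "Other", "abcde",
             { 10, 4, ATTR_NT_PROCFLAGS }, ATTR_VENDOR, ATTR_FLAG_SACRED };

/* Return 0 and the flag word if the attribute note is present; -1 if absent or malformed. */
int note_find_flags(const unsigned char *buf, size_t len, uint32_t *flags)
{
    size_t off = 0;
    while (len - off >= sizeof(struct nhdr)) {
        struct nhdr h;
        memcpy(&h, buf + off, sizeof h);
        off += sizeof h;
        size_t namesz = ALIGN4(h.n_namesz), descsz = ALIGN4(h.n_descsz);
        /* Sizes come from the file: reject wraparound and records past the end. */
        if (namesz < h.n_namesz || descsz < h.n_descsz) return -1;
        if (namesz > len - off || descsz > len - off - namesz) return -1;
        if (h.n_type == ATTR_NT_PROCFLAGS && h.n_namesz == sizeof ATTR_VENDOR &&
            memcmp(buf + off, ATTR_VENDOR, sizeof ATTR_VENDOR) == 0) {
            if (h.n_descsz != sizeof *flags) return -1;
            memcpy(flags, buf + off + namesz, sizeof *flags);
            return 0;
        }
        off += namesz + descsz;
    }
    return -1;
}

int main(void)
{
    uint32_t f = 0;
    int rc = note_find_flags((const unsigned char *)&sample, sizeof sample, &f);
    printf("rc=%d sacred=%u\n", rc, f & ATTR_FLAG_SACRED);
    return 0;
}
```

Because the attribute travels inside the binary, anyone who can write the file can set it, so a loader honouring such a note would still need a policy check on who may mark an executable this way.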