From owner-freebsd-hackers@freebsd.org  Wed Jan 27 10:35:41 2016
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 93AAAA6F9A2
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Wed, 27 Jan 2016 10:35:41 +0000 (UTC) (envelope-from crest@rlwinm.de)
Received: from smtp.rlwinm.de (smtp.rlwinm.de [IPv6:2a01:4f8:201:31ef::e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 630551B2D
 for <freebsd-hackers@freebsd.org>; Wed, 27 Jan 2016 10:35:41 +0000 (UTC)
 (envelope-from crest@rlwinm.de)
Received: from crest.local (unknown [87.253.189.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.rlwinm.de (Postfix) with ESMTPSA id ACFA6F550
 for <freebsd-hackers@freebsd.org>; Wed, 27 Jan 2016 11:35:38 +0100 (CET)
Subject: Re: syslogd(8) with OOM Killer protection
To: freebsd-hackers@freebsd.org
References: <CAOfEmZgzL2Ldu53CeSsKcUe00H1VAukhEopSUmpUK0=XAhsD1A@mail.gmail.com>
 <56A86D91.3040709@freebsd.org> <20160127072850.GG35911@ivaldir.etoilebsd.net>
 <CAAoTqfuVr_iXR=_AaGXTTGs20sfWeH76m3yDC-hvAL4kB9iKNA@mail.gmail.com>
From: Jan Bramkamp <crest@rlwinm.de>
Message-ID: <56A89D7A.8080906@rlwinm.de>
Date: Wed, 27 Jan 2016 11:35:38 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <CAAoTqfuVr_iXR=_AaGXTTGs20sfWeH76m3yDC-hvAL4kB9iKNA@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 10:35:41 -0000



On 27/01/16 09:27, Pavel Timofeev wrote:
> 2016-01-27 10:28 GMT+03:00 Baptiste Daroussin <bapt@freebsd.org>:
>> On Wed, Jan 27, 2016 at 02:11:13AM -0500, Allan Jude wrote:
>>> On 2016-01-27 01:21, Marcelo Araujo wrote:
>>>> Hi guys,
>>>>
>>>> I would like to know your opinion about this REVIEW[1].
>>>> The basic idea is protect by default the syslogd(8) against been killed by
>>>> OOM with an option to disable the protection.
>>>>
>>>> Some people like the idea, other people would prefer something more global
>>>> where we can protect any daemon by the discretion of our choice.
>>>>
>>>> Thoughts?
>>>>
>>>>
>>>> [1] https://reviews.freebsd.org/D4973
>>>>
>>>>
>>>> Best,
>>>>
>>>
>>> I do like the idea of generalizing it, say via rc.subr
>>>
>>> So you can just do:
>>>
>>> someapp_protect=YES (and maybe syslogd has this enabled by default in
>>> /etc/defaults/rc.conf) and it prefixes the start command with protect -i.
>>>
>> I do support that idea, I think it is will be useful to more people.
>>
>> Bapt
>
> I'm one that people. I find this generilized way very usefull.
> I have least a couple of daemons that it'd never wanted to be OOMed on
> my machines. Besides syslogd, I'd protect sshd and even crond in some
> cases.

I would prefer to implement the a flag keeping cron (and all other base 
system daemons) from double-forking and run it under a process 
supervisor like daemontools.