Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 12 Apr 2008 15:55:05 -0400
From:      David Schultz <das@FreeBSD.ORG>
To:        Joe Marcus Clarke <marcus@FreeBSD.ORG>
Cc:        mezz7@cox.net, imp@FreeBSD.ORG, current@FreeBSD.ORG, Coleman Kane <cokane@FreeBSD.ORG>
Subject:   Re: mlock(2), unprivileged users, and RLIMIT_MEMLOCK
Message-ID:  <20080412195505.GA36208@zim.MIT.EDU>
In-Reply-To: <1208028217.82222.32.camel@shumai.marcuscom.com>
References:  <1208027381.1327.31.camel@localhost> <1208028217.82222.32.camel@shumai.marcuscom.com>
index | next in thread | previous in thread | raw e-mail 

On Sat, Apr 12, 2008, Joe Marcus Clarke wrote:
> On Sat, 2008-04-12 at 15:09 -0400, Coleman Kane wrote:
> > Hello,
> > 
> > Recently we've been having a discussion on the GNOME list about fixing
> > the seahorse breakage introduced with the latest GNOME 2.22, rooted in
> > the fact that FreeBSD's mlock(2) implementation is only usable if you
> > have superuser privileges. Due to bugs in seahorse, the lack of mlock(2)
> > causes many seahorse applications to die. I've posted a suggested patch
> > to 
[...]
> > As a third idea, we could leave the per-process limit (to abide by
> > historical documentation), but also add a sysctl that enforces a
> > system-wide "max mlock pages" which can be tested by the mlock(2)
> > syscall, refusing to mlock(2) more memory if the limit is hit.
> 
> I think this already exists in -CURRENT: vm.max_wired ("System-wide
> limit to wired page count").  This is tested by mlock(2) in addition to
> RLIMIT_MEMLOCK.

First of all, many other operating systems such as Solaris also
restrict mlock(2) to the superuser, so this is a bug in seahorse.

That said, it seems like allowing ordinary users to mlock(2) small
amounts of memory (e.g., vm_page_max_wired / 4 across all
non-superuser processes by default) would fix your problem and be
easy to implement.  Of course, per-user or per-process limits
would be more flexible, but how many people really have lots of
users who are trying to abuse the system?
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080412195505.GA36208>