From nobody Tue Jul 12 15:22:46 2022
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E1A711D0EB0C;
	Tue, 12 Jul 2022 15:22:48 +0000 (UTC)
	(envelope-from mpp302@gmail.com)
Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Lj4J865bkz3HTD;
	Tue, 12 Jul 2022 15:22:48 +0000 (UTC)
	(envelope-from mpp302@gmail.com)
Received: by mail-ej1-f43.google.com with SMTP id b11so14887467eju.10;
        Tue, 12 Jul 2022 08:22:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:references:from:in-reply-to
         :content-transfer-encoding;
        bh=95XcI1XiSbd5iNzJE/97t4EAlcfSnbtIm6qwVIe6Yt4=;
        b=fICE5Mzty/4tlbRNeXn0jzkqyBbhzExXYAHOzuxIOFU60xtMZIh4GdVdtxLGn3Fyki
         O9udg1qFMZlf+qURod4+p10hqehyXSg2jEGhjpgtB0tlYn1mRVZhC2n8odIqgsOB5Fo9
         1F9Wfr5EjoCVrbgY0kMLo6cRlTl9JuLIEVjpNg9oLK1VUjoLlMJSDQa/0gsHQK+Pgrke
         huwzeaz/Te2c15geKn7/VdozR6yKuVssSe7gFF3UZoP1f/2oXY6Jp6sAJBwMzNZo/d/l
         uQocIvJfbHNfhpML93cG/A6Y9prKOcru6cXcH4l299P7zNzazDrZU4u0Bc/KB8/QxKX2
         oEHQ==
X-Gm-Message-State: AJIora8uVw2RnblMr6170ZqfyizFqXqRlKzfT5DtggoNsYX/Ny6Tjvu5
	LNylqW0YKOeU8qDJMZwXEd7o8pihblQ=
X-Google-Smtp-Source: AGRyM1s2dAKZf+ZoZsRlc+CMMNTw26Dv9NWkHNZOKSNf+bSj6q1tqvFdNsswaOp+wbp3fjVK81x4WA==
X-Received: by 2002:a17:906:dc8c:b0:722:f40e:e653 with SMTP id cs12-20020a170906dc8c00b00722f40ee653mr24678652ejc.83.1657639366712;
        Tue, 12 Jul 2022 08:22:46 -0700 (PDT)
Received: from ?IPV6:2a02:8109:8680:1304:8e16:45ff:fe82:fbac? ([2a02:8109:8680:1304:8e16:45ff:fe82:fbac])
        by smtp.gmail.com with ESMTPSA id cb1-20020a0564020b6100b0043a6dc3c4b0sm6182664edb.41.2022.07.12.08.22.45
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 12 Jul 2022 08:22:46 -0700 (PDT)
Message-ID: <e7e882cf-d6df-6239-9345-666facda60e5@FreeBSD.org>
Date: Tue, 12 Jul 2022 17:22:46 +0200
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101
 Thunderbird/91.11.0
Subject: Re: git: 6452fb1e87ed - main - protect.1: Document that protect(1)
 does not work in jails
Content-Language: en-US
To: Eugene Grosbein <eugen@grosbein.net>, src-committers@FreeBSD.org,
 dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
References: <202207112249.26BMn2M4035013@gitrepo.freebsd.org>
 <f7bf79f5-db75-2b6b-f37c-2bd79c1409cc@grosbein.net>
From: Mateusz Piotrowski <0mp@FreeBSD.org>
In-Reply-To: <f7bf79f5-db75-2b6b-f37c-2bd79c1409cc@grosbein.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Rspamd-Queue-Id: 4Lj4J865bkz3HTD
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

On 12/07/2022 15:51, Eugene Grosbein wrote:
> 12.07.2022 5:49, Mateusz Piotrowski wrote:
>
>>      protect.1: Document that protect(1) does not work in jails
>>      
>>      The reason is that in order to protect a process procctl(2) needs
>>      the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails
>>      (see kern_jail.c).
>>
>>
> Does it mean that syslogd_oomprotect="YES" in /etc/defaults/rc.conf is inappropriate for full-blown jail
> and results in failure of syslogd startup in such jail with defaults?
>
>
*_oomprotect is currently silently ignored inside jails. See rc.subr for the implementation and 
recent changes to rc.conf(5) for additional details.

Best,

Mateusz