Date: Fri, 01 Jun 2012 10:41:19 -0500 From: Bryan Drewery <bryan@shatow.net> To: Doug Barton <dougb@FreeBSD.org> Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@FreeBSD.ORG, Adrian Chadd <adrian@FreeBSD.org>, d@delphij.net, Andriy Gapon <avg@FreeBSD.org>, Eitan Adler <lists@eitanadler.com>, freebsd-arch@FreeBSD.org, rgrav <des@des.no> Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <4FC8E29F.2010806@shatow.net> In-Reply-To: <4FC81D9C.2080801@FreeBSD.org> References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no> <CAJ-VmokY%2Bpgcq999NHShbq-3rK3=oeWT2WY7NmTvVdXOHZJhdg@mail.gmail.com> <CAF6rxgmDW21aPJ5Mp6Tbk1z02ivw4UPhSaNEX%2BWiu7O0v13skA@mail.gmail.com> <20120517055425.GA802@infradead.org> <4FC762DD.90101@FreeBSD.org> <4FC81D9C.2080801@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB651918E900EB354EF176708 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 5/31/2012 8:40 PM, Doug Barton wrote: > On 5/31/2012 5:23 AM, Andriy Gapon wrote: >> In fact, FreeBSD also has this rlimit and there seems to be full suppo= rt for it on >> both user and kernel sides. >> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-us= er in the >> default configuration. And this privilege kind of defeats the limit. >> >> Perhaps, we should/could kill the privilege and set the limit to a suf= ficiently >> small/safe value for ordinary users? >=20 > I like this idea, but someone else in the thread (sorry, don't have it > handy) brought up the point that we don't want the aggregate of per-use= r > limits to be able to bring down the system either. So the right solutio= n > would seem to be a reasonable per-user limit, and a cap on the maximum > total amount of locked pages for all unprivileged users, probably based= > on some percentage of total available memory? >=20 > Doug >=20 I like this approach. A per-user ulimit, and a global max sysctl that can be overridden, but by default based on a percentage of available memo= ry. --=20 Regards, Bryan Drewery --------------enigB651918E900EB354EF176708 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPyOKjAAoJEG54KsA8mwz5DBcP/2Z14YhYXnsnl2h3yAIcrB04 89cEVNWqeSaRhRrenGkTDI3qhpzd19D/huugd50YT9L+HJUehmBbL8kL0a6tc0KF 8COlXldFOWL1v3TmXgbkirE9+eEp1AoGh/f/SiKDBLPwufLMOO/NMvElPSgkofV1 sVFy56824PELgaK0aUeqNYSM+VzCGlgetVCJuyBSs6TguBIp21A9/W+UIfRb3ZLI mdVIjhZyzHMzFz8PbdSkVv7PMoCW/hEhHELDZTgiVShX7UjbE7rTmOQoOILPgv/B xPgUv6FdSD3OkRBy1v0TXunnj8ztdolEU0rpkBQASFI0meoYcAnh9ixvLZESK9Rt remsIzaynZOqnOfATuPT9ukehf52Yz1O2qTH148H9Ija9+V0gI0n0SpXnu4RHQ92 fCwGHGNq0yw1LmvzA1qWPRRXc+RcVERowPLA0ILCwCwtUFBUnymy4qdZsmJyNLZ7 SpB5DMTM6vB9eiUrOGdFUfh/xqQDNcMJcPuWlUTHrzHADkKe+Qch4QhIg7q5shBK 46a5BT4IFeEqjNZuNZm/jfF7FsIPcCweerwHpM46d12COj2iglMgy/BFuuBmVjSJ jtfltEZI3FmCfIZOWzZfbnDhreVdE+ATESD49PKOyINDv7K2UvMfrg5O7ywSY61n m5goeGBBQ7E5suuiniGj =jY8i -----END PGP SIGNATURE----- --------------enigB651918E900EB354EF176708--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FC8E29F.2010806>