From owner-freebsd-arch@FreeBSD.ORG Fri Jun 1 15:41:22 2012 Return-Path: Delivered-To: freebsd-arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5BE221065679 for ; Fri, 1 Jun 2012 15:41:22 +0000 (UTC) (envelope-from bryan@shatow.net) Received: from secure.xzibition.com (secure.xzibition.com [173.160.118.92]) by mx1.freebsd.org (Postfix) with ESMTP id A98AE8FC12 for ; Fri, 1 Jun 2012 15:41:21 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type; q=dns; s=sweb; b=OQz+T/sQiaxmoD9DZU2K7Wgxou2gtSX9 6EPyS2MoR2nEHhjfLHYEtTyS9XFb8LDzPHCkI/1obWkDdGa2M7NanfWm42P9A+xF 0EMgTbh6M2YYtG6vuRwNEIoFyuVVuGNGv2fGI2ygBIjeou0yC4QDaiS/oNivG7NK FbPzeHOXuEI= DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type; s=sweb; bh=kBrTc/W9qIgsyOKMzK/PVWXkHzwP4HWcGp7Xnh UzNmk=; b=swaLiDY9Fyw/S2EihR7Km6i3EJDI9uFyI+o7OkIYu6w6SJ8ozOb7gS 6nb4n+W3UZVdYzp7CcfDQ7sl3fSOYynu9aLPkiH4W8NPhvuOqa/fPrpuvIe7V8oe F8mjRPRZu6g9rS5Zn3wIlsWJNFi0ijBz7NxnnjZFVsfL9OnDK4JTk= Received: (qmail 3984 invoked from network); 1 Jun 2012 10:41:17 -0500 Received: from unknown (HELO ?192.168.21.109?) (bryan@shatow.net@74.94.87.209) by sweb.xzibition.com with ESMTPA; 1 Jun 2012 10:41:17 -0500 Message-ID: <4FC8E29F.2010806@shatow.net> Date: Fri, 01 Jun 2012 10:41:19 -0500 From: Bryan Drewery User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Doug Barton References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no> <20120517055425.GA802@infradead.org> <4FC762DD.90101@FreeBSD.org> <4FC81D9C.2080801@FreeBSD.org> In-Reply-To: <4FC81D9C.2080801@FreeBSD.org> X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB651918E900EB354EF176708" Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@FreeBSD.ORG, Adrian Chadd , d@delphij.net, Andriy Gapon , Eitan Adler , freebsd-arch@FreeBSD.org, rgrav Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jun 2012 15:41:22 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB651918E900EB354EF176708 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 5/31/2012 8:40 PM, Doug Barton wrote: > On 5/31/2012 5:23 AM, Andriy Gapon wrote: >> In fact, FreeBSD also has this rlimit and there seems to be full suppo= rt for it on >> both user and kernel sides. >> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-us= er in the >> default configuration. And this privilege kind of defeats the limit. >> >> Perhaps, we should/could kill the privilege and set the limit to a suf= ficiently >> small/safe value for ordinary users? >=20 > I like this idea, but someone else in the thread (sorry, don't have it > handy) brought up the point that we don't want the aggregate of per-use= r > limits to be able to bring down the system either. So the right solutio= n > would seem to be a reasonable per-user limit, and a cap on the maximum > total amount of locked pages for all unprivileged users, probably based= > on some percentage of total available memory? >=20 > Doug >=20 I like this approach. A per-user ulimit, and a global max sysctl that can be overridden, but by default based on a percentage of available memo= ry. --=20 Regards, Bryan Drewery --------------enigB651918E900EB354EF176708 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPyOKjAAoJEG54KsA8mwz5DBcP/2Z14YhYXnsnl2h3yAIcrB04 89cEVNWqeSaRhRrenGkTDI3qhpzd19D/huugd50YT9L+HJUehmBbL8kL0a6tc0KF 8COlXldFOWL1v3TmXgbkirE9+eEp1AoGh/f/SiKDBLPwufLMOO/NMvElPSgkofV1 sVFy56824PELgaK0aUeqNYSM+VzCGlgetVCJuyBSs6TguBIp21A9/W+UIfRb3ZLI mdVIjhZyzHMzFz8PbdSkVv7PMoCW/hEhHELDZTgiVShX7UjbE7rTmOQoOILPgv/B xPgUv6FdSD3OkRBy1v0TXunnj8ztdolEU0rpkBQASFI0meoYcAnh9ixvLZESK9Rt remsIzaynZOqnOfATuPT9ukehf52Yz1O2qTH148H9Ija9+V0gI0n0SpXnu4RHQ92 fCwGHGNq0yw1LmvzA1qWPRRXc+RcVERowPLA0ILCwCwtUFBUnymy4qdZsmJyNLZ7 SpB5DMTM6vB9eiUrOGdFUfh/xqQDNcMJcPuWlUTHrzHADkKe+Qch4QhIg7q5shBK 46a5BT4IFeEqjNZuNZm/jfF7FsIPcCweerwHpM46d12COj2iglMgy/BFuuBmVjSJ jtfltEZI3FmCfIZOWzZfbnDhreVdE+ATESD49PKOyINDv7K2UvMfrg5O7ywSY61n m5goeGBBQ7E5suuiniGj =jY8i -----END PGP SIGNATURE----- --------------enigB651918E900EB354EF176708--