Date: Tue, 18 Dec 2012 09:51:46 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Andrey Zonov <zont@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r244383 - head/etc Message-ID: <alpine.BSF.2.00.1212180951260.22858@fledge.watson.org> In-Reply-To: <alpine.BSF.2.00.1212180948190.22858@fledge.watson.org> References: <201212180727.qBI7Rp0t084371@svn.freebsd.org> <alpine.BSF.2.00.1212180948190.22858@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Dec 2012, Robert Watson wrote: >> Log: >> - Set memorylocked limit to 64Kb for default login class. >> This prevents unprivileged users to lock too much memory. >> - Set memorylocked limit to 64Mb for daemon login class. >> Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on >> startup, they are run from init(8) which uses daemon login class. >> - Set memorylocked limit to unlimited for root login class. >> >> Suggested by: avg >> Approved by: kib (mentor) >> MFC after: 1 week > > I think you should not MFC this one quickly -- let's wait for it to shake out > in the -CURRENT userbase for a few months to see what breaks. I wouldn't be > surprised if a fair number of applications (both publicly available, and > local at various FreeBSD-using shops) are implicitly depending on their not > being limits to memorylocked by default. After an upgrade, they might find > that their applications simply stop working for potentially hard-to-debug > reasons. > > Or we might find no one notices -- but deferring an MFC will help give us a > better sense of which outcome is more likely. ... or maybe this doesn't matter before your later sysctl commit? Robert > > Robert > >> >> Modified: >> head/etc/login.conf >> >> Modified: head/etc/login.conf >> ============================================================================== >> --- head/etc/login.conf Tue Dec 18 07:26:55 2012 (r244382) >> +++ head/etc/login.conf Tue Dec 18 07:27:50 2012 (r244383) >> @@ -32,7 +32,7 @@ default:\ >> :cputime=unlimited:\ >> :datasize=unlimited:\ >> :stacksize=unlimited:\ >> - :memorylocked=unlimited:\ >> + :memorylocked=64K:\ >> :memoryuse=unlimited:\ >> :filesize=unlimited:\ >> :coredumpsize=unlimited:\ >> @@ -59,6 +59,7 @@ xuser:\ >> staff:\ >> :tc=default: >> daemon:\ >> + :memorylocked=64M:\ >> :tc=default: >> news:\ >> :tc=default: >> @@ -72,6 +73,7 @@ dialer:\ >> # in preference to 'default'. >> root:\ >> :ignorenologin:\ >> + :memorylocked=unlimited:\ >> :tc=default: >> >> # >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1212180951260.22858>