Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Feb 2017 03:29:53 +0000
From:      =?iso-8859-1?Q?Bruno_Lauz=E9?= <brunolauze@msn.com>
To:        Xin LI <delphij@gmail.com>
Cc:        freebsd-current <freebsd-current@freebsd.org>
Subject:   Re: mlock and jail
Message-ID:  <SN1PR16MB06402B4C31A998489FE13BC4C64C0@SN1PR16MB0640.namprd16.prod.outlook.com>
In-Reply-To: <CAGMYy3s1izaqZaFrq6Ycxr7KFq_wQEPTo=wMpObRVPbxkttJQg@mail.gmail.com>
References:  <SN1PR16MB0640DDC0DACEF22A63E7467FC64D0@SN1PR16MB0640.namprd16.prod.outlook.com>, <CAGMYy3s1izaqZaFrq6Ycxr7KFq_wQEPTo=wMpObRVPbxkttJQg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks you.

The app in fact is dotnet https://github.com/dotnet/coreclr

And since it's already possible to cap overall memory with rctl ( -- jail:h=
ttpd:memoryuse:deny=3D2G/jail -- or -- jail:httpd:memorylocked:deny=3D1G/ja=
il  -- ) it seems correct to say the lock weight could only be within those=
 limits?


But right now memorylocked rctl does apply since prison is denied mlock. I =
might be missing something. Thanks for your help.


By the way, FreeBSD would gain a lot pushing for dotnet support as it did w=
ith Java in the days.

________________________________
From: Xin LI <delphij@gmail.com>
Sent: February 1, 2017 8:31:35 PM
To: Bruno Lauz=E9
Cc: freebsd-current
Subject: Re: mlock and jail

I like this idea.

Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to provide a per-jail flag to enable
doing it, or better, have some finer grained control (e.g. per jail
quota of permitted locked pages).

Why did the application want to lock pages in main memory, though?

On Wed, Feb 1, 2017 at 3:52 PM, Bruno Lauz=E9 <brunolauze@msn.com> wrote:
>
> I would like to ask if there is a reason I would have to applythe  patch =
below to make an application work in a jail.
> And who's bad? the app too intrusive or the bsd not flexible enough (allo=
w.mlock?)
>
>
> Index: sys/kern/kern_jail.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/kern/kern_jail.c        (revision 313033)
> +++ sys/kern/kern_jail.c        (working copy)
> @@ -3340,6 +3340,11 @@
>         case PRIV_PROC_SETLOGINCLASS:
>                 return (0);
>
>
> +        case PRIV_VM_MADV_PROTECT:
> +        case PRIV_VM_MLOCK:
> +        case PRIV_VM_MUNLOCK:
> +                return (0);
> +
>         default:
>
>
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org=
"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SN1PR16MB06402B4C31A998489FE13BC4C64C0>