From owner-svn-src-all@freebsd.org Wed Feb 24 01:32:14 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6FB07AB2E93; Wed, 24 Feb 2016 01:32:14 +0000 (UTC) (envelope-from araujo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4AA0CC23; Wed, 24 Feb 2016 01:32:14 +0000 (UTC) (envelope-from araujo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1O1WDJ3012544; Wed, 24 Feb 2016 01:32:13 GMT (envelope-from araujo@FreeBSD.org) Received: (from araujo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1O1WD0d012541; Wed, 24 Feb 2016 01:32:13 GMT (envelope-from araujo@FreeBSD.org) Message-Id: <201602240132.u1O1WD0d012541@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: araujo set sender to araujo@FreeBSD.org using -f From: Marcelo Araujo Date: Wed, 24 Feb 2016 01:32:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r295949 - in head: etc etc/defaults share/man/man8 X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Feb 2016 01:32:14 -0000 Author: araujo Date: Wed Feb 24 01:32:12 2016 New Revision: 295949 URL: https://svnweb.freebsd.org/changeset/base/295949 Log: - Add a global option where we can protect processes when swap space is exhausted. How to use: Basically we need to add on rc.conf an another option like: If we want to protect only the main processes. syslogd_oomprotect="YES" If we want to protect all future children of the specified processes. syslogd_oomprotect="ALL" PR: 204741 (based on) Submitted by: eugen@grosbein.net Reviewed by: jhb, allanjude, rpokala and bapt MFC after: 4 weeks Relnotes: Yes Sponsored by: gandi.net Differential Revision: https://reviews.freebsd.org/D5176 Modified: head/etc/defaults/rc.conf head/etc/rc.subr head/share/man/man8/rc.subr.8 Modified: head/etc/defaults/rc.conf ============================================================================== --- head/etc/defaults/rc.conf Wed Feb 24 01:30:50 2016 (r295948) +++ head/etc/defaults/rc.conf Wed Feb 24 01:32:12 2016 (r295949) @@ -253,6 +253,7 @@ hostapd_enable="NO" # Run hostap daemon syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). +syslogd_oomprotect="YES" # Don't kill syslogd when swap space is exhausted. altlog_proglist="" # List of chrooted applicatioins in /var inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. Modified: head/etc/rc.subr ============================================================================== --- head/etc/rc.subr Wed Feb 24 01:30:50 2016 (r295948) +++ head/etc/rc.subr Wed Feb 24 01:32:12 2016 (r295949) @@ -45,6 +45,7 @@ _rc_subr_loaded="YES" SYSCTL="/sbin/sysctl" SYSCTL_N="${SYSCTL} -n" SYSCTL_W="${SYSCTL}" +PROTECT="/usr/bin/protect" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" @@ -755,6 +756,8 @@ check_startmsgs() # # ${name}_nice n Nice level to run ${command} at. # +# ${name}_oomprotect n Don't kill ${command} when swap space is exhausted. +# # ${name}_user n User to run ${command} as, using su(1) if not # using ${name}_chroot. # Requires /usr to be mounted. @@ -944,7 +947,8 @@ run_rc_command() _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups \ _fib=\$${name}_fib _env=\$${name}_env \ - _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} + _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ + _oomprotect=\$${name}_oomprotect if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then @@ -1182,6 +1186,26 @@ $command $rc_flags $command_args" ;; esac + + # Apply protect(1) to the PID if ${name}_oomprotect is set. + case "$rc_arg" in + start) + if [ -n "$_oomprotect" ]; then + if [ -f "${PROTECT}" ]; then + pid=$(check_process $command) + case $_oomprotect in + [Aa][Ll][Ll]) + ${PROTECT} -i -p ${pid} + ;; + [Yy][Ee][Ss]) + ${PROTECT} -p ${pid} + ;; + esac + fi + fi + ;; + esac + return $_return done Modified: head/share/man/man8/rc.subr.8 ============================================================================== --- head/share/man/man8/rc.subr.8 Wed Feb 24 01:30:50 2016 (r295948) +++ head/share/man/man8/rc.subr.8 Wed Feb 24 01:32:12 2016 (r295949) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 12, 2014 +.Dd February 4, 2016 .Dt RC.SUBR 8 .Os .Sh NAME @@ -604,6 +604,16 @@ as. Only supported after .Pa /usr is mounted. +.It Va ${name}_oomprotect +.Xr protect 1 +.Va command +from being killed when swap space is exhausted. +If +.Em YES +is used, no child processes are protected. +If +.Em ALL , +protect all child processes. .It Va ${name}_program Full path to the command. Overrides