Date: Thu, 27 Mar 2003 18:12:13 -0800 From: Wes Peters <wes@softweyr.com> To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>, Marcel Moolenaar <marcel@xcllnt.net> Cc: freebsd-arch@FreeBSD.ORG Subject: Re: Patch to protect process from pageout killing Message-ID: <200303271812.13745.wes@softweyr.com> In-Reply-To: <14594.1048582113@critter.freebsd.dk> References: <14594.1048582113@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 25 March 2003 00:48, Poul-Henning Kamp wrote:
> In message <20030325084247.GA17195@dhcp01.pn.xcllnt.net>, Marcel
> Moolenaar writes:
> >> To tackle them from behind:
> >>
> >> Wes has a proposal for #3 which is a per-process flag which says
> >> "I'm sacred". I think that is a sound principle since that is
> >> usually exactly what people want: Do Not Kill This Process.
> >>
> >> Certain processes already enjoy special protection, pid==1 most
> >> notably, this would just be a way to make the same protection
> >> available to other processes. I'm not happy about using the
> >> resourcelimit code for booleans, and I don't think the flag
> >> should be inherited, but otherwise I'm for the idea.
> >
> >JFYI: On ia64 there are 12 bits in the ELF header reserved for OS
> >specific flags. A very natural way to flag a process as being sacred
> >is by flagging the ELF executable. You could use brandelf for that.
>
> Many years ago, we had a local hack so you could specify the nice(2)
> that a given program would be executed at (relative to the parent
> process) in the a.out file. This allowed us to keep games open
> during the day because we could argue that running at -20 they used
> only resources not otherwise claimed.
>
> Other operating systems have much more expressive facilities for
> putting attributes on a program. In some cases this is being held
> stronly against them.
You could easily implement this with an ELF executable by adding "note"
section(s) containing the attributes in a format understood by your
loader or linker. A hackup of brandelf could modify the binaries in
well-specified ways.
You could also do this with extended attributes on the executable/
library files.
> I think, but am not sure, that we can now introduce practically any
> policy we might like with MAC. (NB: deliberate rwatson-trigger)
>
> How the flags/attributes gets to be set on the wanted subset of
> processes is by no means uninteresting, but until something pays
> attention to the flag...
Working on it.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303271812.13745.wes>