Date: Fri, 01 Jun 2012 17:10:56 -0700 From: Julian Elischer <julian@freebsd.org> To: Bryan Drewery <bryan@shatow.net> Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@freebsd.org, Adrian Chadd <adrian@freebsd.org>, Doug Barton <dougb@freebsd.org>, d@delphij.net, Andriy Gapon <avg@freebsd.org>, Eitan Adler <lists@eitanadler.com>, freebsd-arch@freebsd.org, rgrav <des@des.no> Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <4FC95A10.7000806@freebsd.org> In-Reply-To: <4FC8E29F.2010806@shatow.net> References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no> <CAJ-VmokY%2Bpgcq999NHShbq-3rK3=oeWT2WY7NmTvVdXOHZJhdg@mail.gmail.com> <CAF6rxgmDW21aPJ5Mp6Tbk1z02ivw4UPhSaNEX%2BWiu7O0v13skA@mail.gmail.com> <20120517055425.GA802@infradead.org> <4FC762DD.90101@FreeBSD.org> <4FC81D9C.2080801@FreeBSD.org> <4FC8E29F.2010806@shatow.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/1/12 8:41 AM, Bryan Drewery wrote: > On 5/31/2012 8:40 PM, Doug Barton wrote: >> On 5/31/2012 5:23 AM, Andriy Gapon wrote: >>> In fact, FreeBSD also has this rlimit and there seems to be full support for it on >>> both user and kernel sides. >>> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the >>> default configuration. And this privilege kind of defeats the limit. >>> >>> Perhaps, we should/could kill the privilege and set the limit to a sufficiently >>> small/safe value for ordinary users? >> I like this idea, but someone else in the thread (sorry, don't have it >> handy) brought up the point that we don't want the aggregate of per-user >> limits to be able to bring down the system either. So the right solution >> would seem to be a reasonable per-user limit, and a cap on the maximum >> total amount of locked pages for all unprivileged users, probably based >> on some percentage of total available memory? >> >> Doug >> > I like this approach. A per-user ulimit, and a global max sysctl that > can be overridden, but by default based on a percentage of available memory. I'd go a different route. I'd have it inherited, and I'd have the value be 0 by default, but settable to some different value at login.conf, or by an ancestor with root privs.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FC95A10.7000806>