Date: Wed, 29 Aug 2012 07:41:59 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-arch@freebsd.org Cc: Andrey Zonov <zont@freebsd.org>, Robert Watson <rwatson@freebsd.org> Subject: Re: [patch] unprivileged mlock(2) Message-ID: <201208290741.59143.jhb@freebsd.org> In-Reply-To: <503CF3B1.3050604@FreeBSD.org> References: <503CF3B1.3050604@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, August 28, 2012 12:37:05 pm Andrey Zonov wrote: > Hi, > > We've got RLIMIT_MEMLOCK for years, but this limit is useless, because > only root may call mlock(2), and root may raise any limits. > > I suggest patch that allows to call mlock(2) for unprivileged users. > Are there any objections to got it in tree? Aside from the other comments (e.g. needing to fix MCL_FUTURE to honor the limit), if you were to keep the unprivileged_mlock variable, I think the right place to patch this would be in kern_priv.c by adding a new check to grant PRIV_VM_MLOCK and PRIV_VM_MUNLOCK to all users if unprivileged_mlock is set. This centralizes the privilege checking logic instead of duplicating it in four different places. Robert may have a different opinion, however. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208290741.59143.jhb>