Date: Fri, 10 Mar 2006 08:02:48 -0500 From: Michael Proto <mike@jellydonut.org> To: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> Cc: freebsd-stable@freebsd.org Subject: Re: RELENG_4 on flash disk and swap Message-ID: <441178F8.1070503@jellydonut.org>
next in thread | raw e-mail | index | archive | help
Dmitry Pryanishnikov wrote: > On Sat, 4 Mar 2006, Peter Jeremy wrote: >> Once you've received this message, the OS is free to kill your >> processes until it frees up some swap (which it can't do if you don't >> have any). I suggest you have a quick look through vm/swap_pager.c >> and vm/vm_pageout.c, looking at swap_pager_full and swap_pager_almost_full. > > This is still a concern for me. IMHO it would be useful to have the ability > to disable process killing due to the lack of swap, because having this > enabled on e.g. transit router can lead to very unpleasant scenario. Imagine > someone DoS-attacks it's sshd, and kernel kills the process with the largest > RSS - it could e.g. be a vital part of the routing software (zebra/ripd/bgpd), > and killing this process will render our router unreachable and unusable! > > Sincerely, Dmitry My suggestion would then be to utilize resource limits in /etc/login.conf for the sshd user (in your example) or other user accounts for applications that you don't want running out of control. See login.conf(5) and login_cap(3) for more details on this. In particular, the datasize, stacksize, memoryuse, and vmemoryuse options may be of benefit. -Proto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?441178F8.1070503>