From owner-freebsd-current@FreeBSD.ORG Fri Feb 8 13:28:24 2013 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9455294C for ; Fri, 8 Feb 2013 13:28:24 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-da0-f42.google.com (mail-da0-f42.google.com [209.85.210.42]) by mx1.freebsd.org (Postfix) with ESMTP id 6DD18687 for ; Fri, 8 Feb 2013 13:28:24 +0000 (UTC) Received: by mail-da0-f42.google.com with SMTP id z17so1790042dal.1 for ; Fri, 08 Feb 2013 05:28:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; bh=XYfXdnGCHY+gU9uWJ3CbCOnnelzWbzrMM7vFMBkQva4=; b=TUcgFqdJQC25/ecxsTfyXAG/OYd/TMTeQyqYmcJseCUefJIr5bDKxpp/J5jaunsf2I fvTNXrTwb3gCBsX5ncVbYWAxGQuevxTglxdTxzQgZ2gX1/gievj+OJd/mchaoSM1G1jk 4jT08AwRwuWXjowUbfHX6wuL5PTHC2O0JMJqk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=XYfXdnGCHY+gU9uWJ3CbCOnnelzWbzrMM7vFMBkQva4=; b=gXp1qZhYm9Cl4A40//7V05oHRcf0AgaRJVaSsPE/IR4sGp7aVE1EFCbrcYfpWh7keJ fQVqyVZfMJO6DEBpb7iYvrK9/DB9wf8DqPv3KA4eKBfYa9NkBfEzR+/17l0xnOnBvkBx p4iIbCiqPax4lGFmL9HX2hO1zByWTgfIcOP1XkBGLWiyXIYiaPvJuwZkmM2UBk84SISG PaRrUpnaKUMj7m1xY2cDjpTQNn0utxGwHK07eqRyXwEcvNkBEay7VtfAGQQUPgYFielw Ks1fwgw/jTUIooIIYkYUO2ZmXAvEqig+mJ1KhW3Px80d438IgzcJhwWX3kfWZ87+1Fgz 7Gmg== X-Received: by 10.66.76.42 with SMTP id h10mr17301533paw.59.1360330103947; Fri, 08 Feb 2013 05:28:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.66.148.10 with HTTP; Fri, 8 Feb 2013 05:27:53 -0800 (PST) In-Reply-To: <5114F390.4010302@FreeBSD.org> References: <20130207141833.GA15884@acme.spoerlein.net> <20130207153322.5c371beb@fabiankeil.de> <20130207180153.GX35868@acme.spoerlein.net> <20130208095709.6ae61cff@fabiankeil.de> <20130208114825.GY35868@acme.spoerlein.net> <5114F390.4010302@FreeBSD.org> From: Eitan Adler Date: Fri, 8 Feb 2013 08:27:53 -0500 Message-ID: Subject: Re: geli(8) breaks after a couple hours of uptime To: Andriy Gapon Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQmNTqZSgWc+kn1Aqn5C1opWP0VtmgPKhqUdCrw0HdXNOMNlfwx82icOv1ZIvzHDZkL6QCDj Cc: zont@freebsd.org, current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2013 13:28:24 -0000 On 8 February 2013 07:46, Andriy Gapon wrote: > on 08/02/2013 13:48 Ulrich Sp=C3=B6rlein said the following: >> The problem here is that I login via my user account, then either use >> sudo or sudo -i for a root shell, this however does not raise the >> memorylocked limit. So when I said this works during boot and shortly >> after, it's because I haven't started my screen session yet, through >> which I do all the work, usually, but have logged in with a direct root >> shell. D'oh! >> >> It looks like 128k as a limit is still too low for geli(8) to work, and >> I've set it to 256k now, so that I can use "sudo geli". Can you maybe >> revise the patch to not use 1024k as an arbitrary limit, but rather make >> sure you test for precisely as much memory as will be needed? >> >> Also, can we maybe revisit the new 64k default limit, as it will >> obviously make peoples work with geli a bit painful, this should work >> out of the box. > > I have some, IMO, better suggestions: > - use -c option with sudo > - tune your system for your needs > > - [major] abolish the silliness of tying resource limits to login class a= nd apply > resource limits based on user and group IDs; including after su/sudo (sub= ject to > local policies) The default settings should not make another feature unusable. At a minimum it should be documented in geli's man page that such tuning is required. --=20 Eitan Adler