Date: Thu, 31 May 2012 18:40:44 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Andriy Gapon <avg@FreeBSD.org> Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8?=@FreeBSD.ORG, Adrian Chadd <adrian@FreeBSD.org>, d@delphij.net, Eitan Adler <lists@eitanadler.com>, freebsd-arch@FreeBSD.org, rgrav <des@des.no> Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <4FC81D9C.2080801@FreeBSD.org> In-Reply-To: <4FC762DD.90101@FreeBSD.org> References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no> <CAJ-VmokY%2Bpgcq999NHShbq-3rK3=oeWT2WY7NmTvVdXOHZJhdg@mail.gmail.com> <CAF6rxgmDW21aPJ5Mp6Tbk1z02ivw4UPhSaNEX%2BWiu7O0v13skA@mail.gmail.com> <20120517055425.GA802@infradead.org> <4FC762DD.90101@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/31/2012 5:23 AM, Andriy Gapon wrote:
> In fact, FreeBSD also has this rlimit and there seems to be full support for it on
> both user and kernel sides.
> OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the
> default configuration. And this privilege kind of defeats the limit.
>
> Perhaps, we should/could kill the privilege and set the limit to a sufficiently
> small/safe value for ordinary users?
I like this idea, but someone else in the thread (sorry, don't have it
handy) brought up the point that we don't want the aggregate of per-user
limits to be able to bring down the system either. So the right solution
would seem to be a reasonable per-user limit, and a cap on the maximum
total amount of locked pages for all unprivileged users, probably based
on some percentage of total available memory?
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FC81D9C.2080801>