George Mamalakis wrote: > Oliver, thanx for your comments. I know it is difficult to choose which > process to kill and how to be "fair" during such a killing procedure. > Nevertheless, I would assume that all non-root processes would have > higher priority to get killed, and that root's processes would get > killed last.
The owner of the process is not taken into consideration, because the "run-away" process causing the memory shortage may as well be a root-owned process. In such a situation, if root processes were exempt from killing, the system would deadlock and require a hard reboot. Killing the root-owned process is the lesser of two evils. As I already explained, there is a process flag that root- owned processes can set for themselves, preventing the kernel from killing them in low-memory situations. See the description of the MADV_PROTECT flag in the madvise(2) manual page. For example, cron(8) and sshd(8) make use of this, so they will not be killed. This is a better way than simply excluding all root processes. > I understand your comments completely, but I was just so > surprised when I realized how easy it was for me to kill root processes > on my system. Only because you didn't configure resource limits. ;-) When you're the only user on a machine, such as a desktop box, this is usually not a big deal. But in all other cases it's strongly recommended to set resource limits, in particular for shell users and for server processes. Without any resource limits, a normal user can starve the system and take it down. This is an old and well-known problem for all UNIX systems (and most non-UNIX systems, too, I guess). You certainly didn't discover any new problem. If you're concerned, configure resource limits. Period. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "File names are infinite in length, where infinity is set to 255 characters." -- Peter Collinson, "The Unix File System" _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"