Hi,

On Sun, Mar 7, 2021 at 1:44 PM Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Sun, Mar 07, 2021 at 01:36:03PM -0500, Selva Nair wrote:
> > > "I'm not sure", TBH.  rlimit handling in unix is a bit of an unknown
> > > territory for me.
> > >
> > > What I understand is that root can *increment* the rlimit at will, but
> > > I'd assume that the rlimit value "in existence right now" (specifically,
> > > the soft limit) applies to root processes as well.  Sort of a voluntary
> > > protection against processes running away.
> >
> > On modern Linux kernels (since some 2.6.x..) RLIMIT_MEMLOCK applies only to
> > unprivileged processes -- privileged processes are allowed to lock "unlimited"
> > amount of memory as documented in man mlock. We updated the man page based
> > on that some time ago.
>
> Indeed, "man mlock" says something about "privileged processes" on Linux
> (it doesn't say that on FreeBSD).
>
> > We could also consider using setrlimit to increase the limit before
> > dropping privileges.
>
> That's another possible angle... just up soft+hard to "something"
> (how much would that be? :-) ) and log the fact.
>

Rereading my comment on Trac #1059, I recall testing this and concluding
100MB is enough for clients. On modern machines that's a low amount of memory
--- not allowing swapout of 100MB should be acceptable.  For servers, I
think there is no reliable limit that we could come up with.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
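
An added illustration of the idea discussed in this thread, raising RLIMIT_MEMLOCK with setrlimit while still privileged and logging the fact before locking memory and dropping privileges. It is not part of the original messages and not OpenVPN's code; the function names are hypothetical, and the 100MB target is the client figure mentioned in the reply.

```c
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Assumed target: the 100MB client figure from the thread. */
#define MEMLOCK_WANT (100UL * 1024 * 1024)

/* A limit is too low only if it is finite and below the target. */
static int limit_too_low(rlim_t have, rlim_t want)
{
    return have != RLIM_INFINITY && have < want;
}

/* Raise soft and hard values in *rl to `want` only where they are lower.
 * Returns 1 if *rl was changed, 0 if it already suffices. */
static int plan_memlock_limit(struct rlimit *rl, rlim_t want)
{
    int changed = 0;
    if (limit_too_low(rl->rlim_max, want)) { rl->rlim_max = want; changed = 1; }
    if (limit_too_low(rl->rlim_cur, want)) { rl->rlim_cur = want; changed = 1; }
    return changed;
}

/* Call before dropping privileges: raising the hard limit needs privilege.
 * Returns 1 if the limit was raised, 0 if nothing to do, -1 on error. */
static int raise_memlock_limit(rlim_t want)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) { perror("getrlimit"); return -1; }
    if (!plan_memlock_limit(&rl, want))
        return 0;
    if (setrlimit(RLIMIT_MEMLOCK, &rl) != 0) { perror("setrlimit"); return -1; }
    fprintf(stderr, "RLIMIT_MEMLOCK raised: soft=%llu hard=%llu\n",
            (unsigned long long)rl.rlim_cur, (unsigned long long)rl.rlim_max);
    return 1;
}

int main(void)
{
    if (raise_memlock_limit(MEMLOCK_WANT) < 0)
        fprintf(stderr, "warning: could not raise RLIMIT_MEMLOCK\n");
    /* Lock pages now; the raised limit keeps later allocations lockable
     * once the process is no longer privileged. */
    if (mlockall(MCL_CURRENT | MCL_FUTURE) != 0)
        perror("mlockall");
    /* ... drop privileges (setgid/setuid) only after this point ... */
    return 0;
}
```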