On 12/18/12 1:51 PM, Robert Watson wrote: > > On Tue, 18 Dec 2012, Robert Watson wrote: > >>> Log: >>> - Set memorylocked limit to 64Kb for default login class. >>> This prevents unprivileged users to lock too much memory. >>> - Set memorylocked limit to 64Mb for daemon login class. >>> Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on >>> startup, they are run from init(8) which uses daemon login class. >>> - Set memorylocked limit to unlimited for root login class. >>> >>> Suggested by: avg >>> Approved by: kib (mentor) >>> MFC after: 1 week >> >> I think you should not MFC this one quickly -- let's wait for it to >> shake out in the -CURRENT userbase for a few months to see what >> breaks. I wouldn't be surprised if a fair number of applications >> (both publicly available, and local at various FreeBSD-using shops) >> are implicitly depending on their not being limits to memorylocked by >> default. After an upgrade, they might find that their applications >> simply stop working for potentially hard-to-debug reasons. >> >> Or we might find no one notices -- but deferring an MFC will help give >> us a better sense of which outcome is more likely. > > ... or maybe this doesn't matter before your later sysctl commit? >
Yes. This change should not hurt anybody, because I change defaults for vm.old_mlock and security.bsd.unprivileged_mlock for stable. -- Andrey Zonov
signature.asc
Description: OpenPGP digital signature
