Re: svn commit: r244383 - head/etc

Tue, 18 Dec 2012 01:52:07 -0800 


On Tue, 18 Dec 2012, Robert Watson wrote:


Log:
 - Set memorylocked limit to 64Kb for default login class.
   This prevents unprivileged users to lock too much memory.
 - Set memorylocked limit to 64Mb for daemon login class.
   Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
   startup, they are run from init(8) which uses daemon login class.
 - Set memorylocked limit to unlimited for root login class.

 Suggested by:  avg
 Approved by:   kib (mentor)
 MFC after:     1 week
I think you should not MFC this one quickly -- let's wait for it to shake out in the -CURRENT userbase for a few months to see what breaks. I wouldn't be surprised if a fair number of applications (both publicly available, and local at various FreeBSD-using shops) are implicitly depending on their not being limits to memorylocked by default. After an upgrade, they might find that their applications simply stop working for potentially hard-to-debug reasons.
Or we might find no one notices -- but deferring an MFC will help give us a better sense of which outcome is more likely. 

... or maybe this doesn't matter before your later sysctl commit?

Robert



Robert



Modified:
 head/etc/login.conf

Modified: head/etc/login.conf
==============================================================================
--- head/etc/login.conf Tue Dec 18 07:26:55 2012        (r244382)
+++ head/etc/login.conf Tue Dec 18 07:27:50 2012        (r244383)
@@ -32,7 +32,7 @@ default:\
        :cputime=unlimited:\
        :datasize=unlimited:\
        :stacksize=unlimited:\
-       :memorylocked=unlimited:\
+       :memorylocked=64K:\
        :memoryuse=unlimited:\
        :filesize=unlimited:\
        :coredumpsize=unlimited:\
@@ -59,6 +59,7 @@ xuser:\
staff:\
        :tc=default:
daemon:\
+       :memorylocked=64M:\
        :tc=default:
news:\
        :tc=default:
@@ -72,6 +73,7 @@ dialer:\
#       in preference to 'default'.
root:\
        :ignorenologin:\
+       :memorylocked=unlimited:\
        :tc=default:

#




_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to