On Tue, 18 Dec 2012, Robert Watson wrote:
Log:
- Set memorylocked limit to 64Kb for default login class.
This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.
Suggested by: avg
Approved by: kib (mentor)
MFC after: 1 week
I think you should not MFC this one quickly -- let's wait for it to shake out
in the -CURRENT userbase for a few months to see what breaks. I wouldn't be
surprised if a fair number of applications (both publicly available, and
local at various FreeBSD-using shops) are implicitly depending on their not
being limits to memorylocked by default. After an upgrade, they might find
that their applications simply stop working for potentially hard-to-debug
reasons.
Or we might find no one notices -- but deferring an MFC will help give us a
better sense of which outcome is more likely.
... or maybe this doesn't matter before your later sysctl commit?
Robert
Robert
Modified:
head/etc/login.conf
Modified: head/etc/login.conf
==============================================================================
--- head/etc/login.conf Tue Dec 18 07:26:55 2012 (r244382)
+++ head/etc/login.conf Tue Dec 18 07:27:50 2012 (r244383)
@@ -32,7 +32,7 @@ default:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
- :memorylocked=unlimited:\
+ :memorylocked=64K:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
@@ -59,6 +59,7 @@ xuser:\
staff:\
:tc=default:
daemon:\
+ :memorylocked=64M:\
:tc=default:
news:\
:tc=default:
@@ -72,6 +73,7 @@ dialer:\
# in preference to 'default'.
root:\
:ignorenologin:\
+ :memorylocked=unlimited:\
:tc=default:
#
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"