Re: Any particular reason we don't have sshd oomprotected by default?
- In reply to: Robert Clausecker : "Re: Any particular reason we don't have sshd oomprotected by default?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 09 Nov 2023 08:17:03 UTC
Am 2023-11-09 09:09, schrieb Robert Clausecker: > Hi Alexander, > > I encountered the same issue a while ago, leaving my system in a > vegetative state. I would propose to add syslogd and cron to the syslogd is already protected (at least in 14 and -current). > list. Syslogd because when it dies and you don't notice, you may go > for > a long time without syslogs, cron because a dead cron means no > housekeeping tasks happen, including some which the administrator may > have intended to fix an issue causing an OOM condition (e.g. > periodically restarting services with known memory leaks or cleaning > tmpfs-based file systems). I thought about crond. I agree with your reasoning (I have some cronjobs which are supposed to fix/workaround some issues which for whatever reason can not be handled in a better way). On the other hand I disagree as it can also be the cause of such an oom situation (that's the reason why I didn't include it in my proposal). If the general consensus is to add sshd and cron, I offer to do the work to add it. Bye, Alexander. > Yours, > Robert Clausecker > > Am Thu, Nov 09, 2023 at 08:54:22AM +0100 schrieb Alexander Leidinger: >> Hi, >> >> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is >> there a >> particular reason we don't have sshd protected the same way? >> >> Any objections if I would commit such a change (sshd_oomprotect=YES in >> defaults/rc.conf)? >> >> I was also thinking about which other daemon we should protect by >> default, >> but apart from the need to make sure important logs are written to >> find >> issues which may have caused the oom trigger, and the need to be able >> to >> login to such a troubled system, I didn't see any other service as >> such >> critical (we could argue about ntpd, but I send to be on the "may be >> protected" (not for my use cases) and not to be on the "has to be >> protected" >> side) to include it in this proposal. >> >> Bye, >> Alexander. >> >> -- >> http://www.Leidinger.net Alexander@Leidinger.net: PGP >> 0x8F31830F9F2772BF >> http://www.FreeBSD.org netchild@FreeBSD.org : PGP >> 0x8F31830F9F2772BF -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF