Re: Any particular reason we don't have sshd oomprotected by default?
Date: Mon, 13 Nov 2023 11:43:01 UTC
On 2023-11-13 11:10, Christian Weisgerber wrote:
> Alexander Leidinger:
>
>> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is there a
>> particular reason we don't have sshd protected the same way?
>
> syslogd(8) can perform its function without forking, I think.
>
> sshd(8) needs to fork and spawn new processes to be useful. So I
> don't know how useful that is in an OOM context. Conversely, your
> existing sessions aren't affected when the sshd listening on port 22
> goes away.

oomprotect can be set to inherit when forked. I have not done that in this patch. So the main listener on the socket is protected from OOM situations, but not individual login sessions.

Before proposing the patch in the review, I thought about what may be a sensible solution, inherit or not inherit, and I settled on not inherit, as this still allows logging in, but would be able to kill long-running sessions which may (or may not) contribute to the OOM situation.

If someone has some strong arguments to change this to set oomprotect to inherit when forked for sshd, feel free to discuss them.

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF