[patch] unprivileged mlock(2)
John Baldwin
jhb at freebsd.org
Wed Aug 29 12:25:46 UTC 2012
On Tuesday, August 28, 2012 12:37:05 pm Andrey Zonov wrote:
> Hi,
>
> We've got RLIMIT_MEMLOCK for years, but this limit is useless, because
> only root may call mlock(2), and root may raise any limits.
>
> I suggest patch that allows to call mlock(2) for unprivileged users.
> Are there any objections to got it in tree?
Aside from the other comments (e.g. needing to fix MCL_FUTURE to honor the
limit), if you were to keep the unprivileged_mlock variable, I think the
right place to patch this would be in kern_priv.c by adding a new check
to grant PRIV_VM_MLOCK and PRIV_VM_MUNLOCK to all users if unprivileged_mlock
is set. This centralizes the privilege checking logic instead of duplicating
it in four different places. Robert may have a different opinion, however.
--
John Baldwin
More information about the freebsd-arch
mailing list