svn commit: r244383 - head/etc
Andrey Zonov
zont at FreeBSD.org
Wed Dec 19 10:57:47 UTC 2012
On 12/18/12 1:51 PM, Robert Watson wrote:
>
> On Tue, 18 Dec 2012, Robert Watson wrote:
>
>>> Log:
>>> - Set memorylocked limit to 64Kb for default login class.
>>> This prevents unprivileged users to lock too much memory.
>>> - Set memorylocked limit to 64Mb for daemon login class.
>>> Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
>>> startup, they are run from init(8) which uses daemon login class.
>>> - Set memorylocked limit to unlimited for root login class.
>>>
>>> Suggested by: avg
>>> Approved by: kib (mentor)
>>> MFC after: 1 week
>>
>> I think you should not MFC this one quickly -- let's wait for it to
>> shake out in the -CURRENT userbase for a few months to see what
>> breaks. I wouldn't be surprised if a fair number of applications
>> (both publicly available, and local at various FreeBSD-using shops)
>> are implicitly depending on their not being limits to memorylocked by
>> default. After an upgrade, they might find that their applications
>> simply stop working for potentially hard-to-debug reasons.
>>
>> Or we might find no one notices -- but deferring an MFC will help give
>> us a better sense of which outcome is more likely.
>
> ... or maybe this doesn't matter before your later sysctl commit?
>
Yes. This change should not hurt anybody, because I change defaults for
vm.old_mlock and security.bsd.unprivileged_mlock for stable.
--
Andrey Zonov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 535 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20121219/3cc6648c/attachment.sig>
More information about the svn-src-all
mailing list