svn commit: r245415 - stable/9/etc
Konstantin Belousov
kostikbel at gmail.com
Tue Jan 15 21:20:19 UTC 2013
On Tue, Jan 15, 2013 at 11:18:19PM +0400, Andrey Zonov wrote:
> On 1/14/13 11:09 PM, Fabian Keil wrote:
> > Andrey Zonov <zont at FreeBSD.org> wrote:
> >
> >> On 1/14/13 3:26 PM, Fabian Keil wrote:
> >>> Andrey Zonov <zont at FreeBSD.org> wrote:
> >>>
> >>>> Author: zont
> >>>> Date: Mon Jan 14 10:58:20 2013
> >>>> New Revision: 245415
> >>>> URL: http://svnweb.freebsd.org/changeset/base/245415
> >>>>
> >>>> Log:
> >>>> MFC r244383:
> >>>> - Set memorylocked limit to 64Kb for default login class.
> >>>> This prevents unprivileged users to lock too much memory.
> >>>
> >>> Note that this causes geli segfaults when using sudo:
> >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=174831
> >>>
> >>
> >> The change should not affect stable, because new behavior was turned off
> >> in stable.
> >
> > It's not exactly obvious, but by "this" I was referring to the change
> > in CURRENT.
> >
>
> The solution which you proposed was refused by kib@ (add to CC) when I
> proposed it earlier.
The limits purpose is to limit some resource usage. Having applications
that override the limits contradicts the user intent of keeping the
limits working.
As a workaround, you could set the limit for your user account.
As a solution, change the offending application to only mlock()
the sensitive pages. E.g. gnupg already does this, probably because
it is portable.
>
> I also wanted to set memory-locked limit to 8Mb, but avg@ (add to CC)
> recommended to set it to something smaller.
>
> Any suggestions?
>
> --
> Andrey Zonov
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20130115/dec0b77b/attachment.sig>
More information about the svn-src-all
mailing list