svn commit: r244383 - head/etc

Robert Watson rwatson at FreeBSD.org
Tue Dec 18 09:50:47 UTC 2012 

On Tue, 18 Dec 2012, Andrey Zonov wrote:

> Author: zont
> Date: Tue Dec 18 07:27:50 2012
> New Revision: 244383
> URL: http://svnweb.freebsd.org/changeset/base/244383
>
> Log:
>  - Set memorylocked limit to 64Kb for default login class.
>    This prevents unprivileged users to lock too much memory.
>  - Set memorylocked limit to 64Mb for daemon login class.
>    Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
>    startup, they are run from init(8) which uses daemon login class.
>  - Set memorylocked limit to unlimited for root login class.
>
>  Suggested by:	avg
>  Approved by:	kib (mentor)
>  MFC after:	1 week

I think you should not MFC this one quickly -- let's wait for it to shake out 
in the -CURRENT userbase for a few months to see what breaks.  I wouldn't be 
surprised if a fair number of applications (both publicly available, and local 
at various FreeBSD-using shops) are implicitly depending on their not being 
limits to memorylocked by default.  After an upgrade, they might find that 
their applications simply stop working for potentially hard-to-debug reasons.

Or we might find no one notices -- but deferring an MFC will help give us a 
better sense of which outcome is more likely.

Robert

>
> Modified:
>  head/etc/login.conf
>
> Modified: head/etc/login.conf
> ==============================================================================
> --- head/etc/login.conf	Tue Dec 18 07:26:55 2012	(r244382)
> +++ head/etc/login.conf	Tue Dec 18 07:27:50 2012	(r244383)
> @@ -32,7 +32,7 @@ default:\
> 	:cputime=unlimited:\
> 	:datasize=unlimited:\
> 	:stacksize=unlimited:\
> -	:memorylocked=unlimited:\
> +	:memorylocked=64K:\
> 	:memoryuse=unlimited:\
> 	:filesize=unlimited:\
> 	:coredumpsize=unlimited:\
> @@ -59,6 +59,7 @@ xuser:\
> staff:\
> 	:tc=default:
> daemon:\
> +	:memorylocked=64M:\
> 	:tc=default:
> news:\
> 	:tc=default:
> @@ -72,6 +73,7 @@ dialer:\
> #       in preference to 'default'.
> root:\
> 	:ignorenologin:\
> +	:memorylocked=unlimited:\
> 	:tc=default:
>
> #
>

More information about the svn-src-head mailing list