Re: mlock(2) for ordinary users
- From: Kostik Belousov <kostikbel@xxxxxxxxx>
- Date: Sun, 23 Jul 2006 09:19:33 +0300
On Sun, Jul 23, 2006 at 09:55:28AM +1000, Peter Jeremy wrote:
On Sat, 2006-Jul-22 18:16:31 +0300, Kostik Belousov wrote:
On Sat, Jul 22, 2006 at 03:52:37PM +0100, Robert Watson wrote:
As consequence, allowing mlock() for non-root users actually allow such
user to allocate value-of(RLIMIT_MEMLOCK) * value-of(RLIMIT_NPROC).
This is no different to the other per-process resource limits. On a
stock FreeBSD system, I can reach the system-wide FD limit with two
user processes. I can't see that having several processes each
locking RLIMIT_MEMLOCK pages provides any real benefit to the user
so this is really just another DoS vector.
In fact, I had to make the answers to the asked questions when I
implemented the per-user swap limits.
I didn't realise this existed. How do you control per-user swap? I
can't find any reference to this in either login.conf or setrlimit(2).
This is not in the tree. See
http://people.freebsd.org/~kib/overcommit/index.html
I would be more than happy if this stuff becomes useful for at least
one purpose.
Attachment:
pgpmHwiOHuNVw.pgp
Description: PGP signature
- References:
- mlock(2) for ordinary users
- From: Peter Jeremy
- Re: mlock(2) for ordinary users
- From: Robert Watson
- Re: mlock(2) for ordinary users
- From: Kostik Belousov
- Re: mlock(2) for ordinary users
- From: Peter Jeremy
- mlock(2) for ordinary users
- Prev by Date: Re: mlock(2) for ordinary users
- Next by Date: sosend/soreceive consistency improvements
- Previous by thread: Re: mlock(2) for ordinary users
- Next by thread: sosend/soreceive consistency improvements
- Index(es):
Relevant Pages
|
|
