On Saturday, 21 March 2009 at 13:06 -0700, Steve Langasek wrote:
> > The upstream recommendation is to set the limit to 256 KiB, and it looks
> > more than reasonable on a system with 1 GiB of RAM.
> 
> Which upstream?  gnome-keyring upstream?

Yes, I’m talking about the gnome-keyring upstream - gnome-keyring was
the original motivation for the discussion that led to setting these
defaults in PAM instead of the kernel.

> The kernel upstream is still setting 64KB as the default, and for the moment
> PAM is shadowing this same limit (used to ensure defaults are restored on su
> or other session change).
> 
> I'm not opposed to raising the default, but would like to have a clearer
> rationale for the specific value than "gnome-keyring might use this amount".
> If we're just going to use high-water marks, there's no assurance that we
> won't have to change this value yearly, or worse, and I'd rather not be
> chasing my tail on this.

I don’t think it is likely to change every year. 256 KiB is the amount
the gnome-keyring developers estimated necessary for a standard desktop.
Currently gnome-keyring stores SSH passphrases, passwords for remote
mounts, and evolution passwords. With webkit it is going to store
passwords for web applications, so that can make quite a lot, but that’s
not megabytes either. More information on their recommendations for
locked memory can be found on http://live.gnome.org/GnomeKeyring/Memory

> I would like to be able to justify the value we pick to kernel upstream if
> necessary (and in fact, I think that if pam_limits changes its default, the
> kernel should also).

I have asked the kernel developers to change this default value, and
while they were not opposed to increasing the value, they made it clear
that the kernel will drop any kind of limit eventually, and that it
should be set in userspace.

> FWIW, I agree that 256KB is a reasonable value in terms of memory usage on
> even embedded Debian systems.
> 
> Also FWIW, I use gnome-keyring (plus seahorse, I guess; argh, too many
> interlocking parts) on amd64 (the land of the giant pointers) and my
> personal high water mark appears to be below 64K.

In all cases, it is very unlikely that seahorse needs as much locked
memory as gnome-keyring; it will probably remain comparable to
gpg-agent, for which the recommendation is 32 KiB.

Cheers,
-- 
 .''`.      Debian 5.0 "Lenny" has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-    me that if you don't install Lenny, he'd melt your brain.
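As an added illustration, not code from this thread or from gnome-keyring: a small Linux/glibc C program that reads the soft RLIMIT_MEMLOCK (the value pam_limits sets) and probes whether the 256 KiB figure discussed above can actually be locked. The page rounding and the CAP_IPC_LOCK bypass are documented mlock() semantics; the 256 KiB constant is the thread's figure.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define KEYRING_RECOMMENDED (256UL * 1024)  /* gnome-keyring upstream estimate */

/* Soft RLIMIT_MEMLOCK of this process; RLIM_INFINITY means unlimited. */
rlim_t soft_memlock_limit(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_MEMLOCK, &rl) == 0 ? rl.rlim_cur : 0;
}

/* Pure check: does a request for `bytes` fit under `soft`? mlock() accounts
 * in whole pages, so the request is rounded up to a page multiple first. */
int within_limit(size_t bytes, rlim_t soft, long page_size)
{
    size_t p = (size_t)page_size;
    if (soft == RLIM_INFINITY)
        return 1;
    return (bytes + p - 1) / p * p <= (size_t)soft;
}

/* Try to lock `bytes` of freshly allocated memory. Returns 0 on success or the
 * errno from mlock(); ENOMEM is what a keyring daemon sees once the soft limit
 * is exhausted (a process holding CAP_IPC_LOCK bypasses the limit entirely). */
int try_lock(size_t bytes)
{
    void *buf = NULL;
    if (posix_memalign(&buf, (size_t)sysconf(_SC_PAGESIZE), bytes) != 0)
        return ENOMEM;
    int rc = mlock(buf, bytes) == 0 ? 0 : errno;
    if (rc == 0)
        munlock(buf, bytes);
    free(buf);
    return rc;
}

int main(void)
{
    rlim_t soft = soft_memlock_limit();
    int fits = within_limit(KEYRING_RECOMMENDED, soft, sysconf(_SC_PAGESIZE));
    int rc = try_lock(KEYRING_RECOMMENDED);
    printf("soft RLIMIT_MEMLOCK: %s, 256 KiB fits: %s, mlock(256 KiB): %s\n",
           soft == RLIM_INFINITY ? "unlimited" : "finite",
           fits ? "yes" : "no", rc == 0 ? "ok" : strerror(rc));
    return 0;
}
```

Run it once under `ulimit -l 64` and once under `ulimit -l 256` to see the difference the pam_limits default makes to a 256 KiB secure-memory request.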