On 7 Nov 2003, Jack O'Quin wrote: > Zenaan Harkness <[EMAIL PROTECTED]> writes: > > > From: Matthias Urlichs > > > Hi, Jack O'Quin wrote: > > > > > > > So far, no one is sure why CAP_SYS_RESOURCE is needed, but we find > > > > that mlockall() fails without it. > > > > > > For good reason. The resource in question is physical memory. You could > > > lock all the free memory with this program (thereby condemning it to swap > > > death) if you're not VERY careful. > > Who is Matthias Urlichs? Has he not been following this discussion? > > Is he able to do anything about this mess? How can we contact him?
>From reading these comments and taking a look at the mlockall call and how it is used in jack, I understand that this might really be very dangerous ... mlockall (MCL_CURRENT | MCL_FUTURE) anyone tried without CAP_SYS_RESOURCE , memory preallocation (I think this would mean a maximum amount of jack clients) and without the "MCL_FUTURE". Seems that the MCL_FUTURE would take up all memory and never give it free at some point, hence it needs higher privileges. (just a guess, ... again ...) As it is now a user can lock up the machine by introducing (lots?) of clients. Guenter
