I like this idea.
Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to provide a per-jail flag to enable
doing it, or better, have some finer grained control (e.g. per jail
quota of permitted locked pages).
Why did the application want to lock pages in main memory, though?
On Wed, Feb 1, 2017 at 3:52 PM, Bruno Lauzé <brunola...@msn.com> wrote:
> I would like to ask if there is a reason I would have to applythe patch
> below to make an application work in a jail.
> And who's bad? the app too intrusive or the bsd not flexible enough
> Index: sys/kern/kern_jail.c
> --- sys/kern/kern_jail.c (revision 313033)
> +++ sys/kern/kern_jail.c (working copy)
> @@ -3340,6 +3340,11 @@
> case PRIV_PROC_SETLOGINCLASS:
> return (0);
> + case PRIV_VM_MADV_PROTECT:
> + case PRIV_VM_MLOCK:
> + case PRIV_VM_MUNLOCK:
> + return (0);
> firstname.lastname@example.org mailing list
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"