;
> Cc: Bruno Lauzé<mailto:brunola...@msn.com>;
> freebsd-current<mailto:freebsd-current@freebsd.org>
> Subject: Re: mlock and jail
>
>
>
> On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev <tim...@gmail.com> wrote:
>> 2017-02-02 4:31 GMT+03:00 Xin LI <
ent<mailto:freebsd-current@freebsd.org>
Subject: Re: mlock and jail
On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev <tim...@gmail.com> wrote:
> 2017-02-02 4:31 GMT+03:00 Xin LI <delp...@gmail.com>:
>> I like this idea.
>>
>> Note that potentially your patch wou
On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev wrote:
> 2017-02-02 4:31 GMT+03:00 Xin LI :
>> I like this idea.
>>
>> Note that potentially your patch would make it possible for a jailed
>> root to DoS the whole system by locking too much of pages in memory.
2017-02-02 4:31 GMT+03:00 Xin LI :
> I like this idea.
>
> Note that potentially your patch would make it possible for a jailed
> root to DoS the whole system by locking too much of pages in memory.
> I think it would be sensible to provide a per-jail flag to enable
> doing it,
Hello,
Giving mlock support to jails would also allow Elasticsearch
(Java-based) to run as a jailed process.
In fact, Java can use a memory optimization trick for better
performances by locking a specified amount of memory.
Thus, Elasticsearch has the need for such a setting to let it run at
elp...@gmail.com>
Sent: February 1, 2017 8:31:35 PM
To: Bruno Lauzé
Cc: freebsd-current
Subject: Re: mlock and jail
I like this idea.
Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to p
I like this idea.
Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to provide a per-jail flag to enable
doing it, or better, have some finer grained control (e.g. per jail
quota
I would like to ask if there is a reason I would have to applythe patch below
to make an application work in a jail.
And who's bad? the app too intrusive or the bsd not flexible enough
(allow.mlock?)
Index: sys/kern/kern_jail.c