Lauzé<mailto:brunola...@msn.com>;
> freebsd-current<mailto:freebsd-current@freebsd.org>
> Subject: Re: mlock and jail
>
>
>
> On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev wrote:
>> 2017-02-02 4:31 GMT+03:00 Xin LI :
>>> I like this idea.
>>>
&g
ent<mailto:freebsd-current@freebsd.org>
Subject: Re: mlock and jail
On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev wrote:
> 2017-02-02 4:31 GMT+03:00 Xin LI :
>> I like this idea.
>>
>> Note that potentially your patch would make it possible for a jailed
>> root t
On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev wrote:
> 2017-02-02 4:31 GMT+03:00 Xin LI :
>> I like this idea.
>>
>> Note that potentially your patch would make it possible for a jailed
>> root to DoS the whole system by locking too much of pages in memory.
>> I think it would be sensible to prov
2017-02-02 4:31 GMT+03:00 Xin LI :
> I like this idea.
>
> Note that potentially your patch would make it possible for a jailed
> root to DoS the whole system by locking too much of pages in memory.
> I think it would be sensible to provide a per-jail flag to enable
> doing it, or better, have some
Hello,
Giving mlock support to jails would also allow Elasticsearch
(Java-based) to run as a jailed process.
In fact, Java can use a memory optimization trick for better
performances by locking a specified amount of memory.
Thus, Elasticsearch has the need for such a setting to let it run at
ary 1, 2017 8:31:35 PM
To: Bruno Lauzé
Cc: freebsd-current
Subject: Re: mlock and jail
I like this idea.
Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to provide a per-jail fl
I like this idea.
Note that potentially your patch would make it possible for a jailed
root to DoS the whole system by locking too much of pages in memory.
I think it would be sensible to provide a per-jail flag to enable
doing it, or better, have some finer grained control (e.g. per jail
quota of