On Tue, Jan 15, 2013 at 11:18:19PM +0400, Andrey Zonov wrote: > On 1/14/13 11:09 PM, Fabian Keil wrote: > > Andrey Zonov <z...@freebsd.org> wrote: > > > >> On 1/14/13 3:26 PM, Fabian Keil wrote: > >>> Andrey Zonov <z...@freebsd.org> wrote: > >>> > >>>> Author: zont > >>>> Date: Mon Jan 14 10:58:20 2013 > >>>> New Revision: 245415 > >>>> URL: http://svnweb.freebsd.org/changeset/base/245415 > >>>> > >>>> Log: > >>>> MFC r244383: > >>>> - Set memorylocked limit to 64Kb for default login class. > >>>> This prevents unprivileged users to lock too much memory. > >>> > >>> Note that this causes geli segfaults when using sudo: > >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=174831 > >>> > >> > >> The change should not affect stable, because new behavior was turned off > >> in stable. > > > > It's not exactly obvious, but by "this" I was referring to the change > > in CURRENT. > > > > The solution which you proposed was refused by kib@ (add to CC) when I > proposed it earlier. The limits purpose is to limit some resource usage. Having applications that override the limits contradicts the user intent of keeping the limits working.
As a workaround, you could set the limit for your user account. As a solution, change the offending application to only mlock() the sensitive pages. E.g. gnupg already does this, probably because it is portable. > > I also wanted to set memory-locked limit to 8Mb, but avg@ (add to CC) > recommended to set it to something smaller. > > Any suggestions? > > -- > Andrey Zonov >
pgplUIr3fs2eY.pgp
Description: PGP signature
