From: Chris Wright <chrisw@osdl.org>
To: Jeff Garzik <jgarzik@pobox.com>
Cc: linux-kernel@vger.kernel.org, Andrew Morton <akpm@osdl.org>
Subject: Re: mlock(1)
Date: Fri, 24 Sep 2004 13:22:47 -0700
Message-ID: <20040924132247.W1973@build.pdx.osdl.net>
In-Reply-To: <41547C16.4070301@pobox.com>; from jgarzik@pobox.com on Fri, Sep 24, 2004 at 03:57:10PM -0400

* Jeff Garzik (jgarzik@pobox.com) wrote:
>
> How feasible is it to create an mlock(1) utility, that would allow
> privileged users to execute a daemon such that none of the memory the
> daemon allocates will ever be swapped out?

1. Doesn't require privilege, just proper rlimits ;-)
2. Problem is the execve(2) that the mlock(1) program would have to call.
   This blows away the mappings which contain the locking info. Unless you
   were thinking of promoting something akin to VM_LOCKED from the ->mm
   def_flags to a per task flag.

> ntp daemon does mlock(2) internally, for example, but IMHO this is
> really a policy decision that could be moved out of the app.

Hard to say if it's a policy decision outside the scope of the app.
Esp. if the app knows it needs to not be swapped. Either something that
has realtime needs, or more specifically, privacy needs. Don't need to
mlock all of gpg to ensure key data never hits swap.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net