Date: Sat, 20 Mar 2004 17:31:32 +0100
From: Andrea Arcangeli <andrea@suse.de>
To: Rik van Riel <riel@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.6.5-rc1-aa1
Message-ID: <20040320163132.GV9009@dualathlon.random>
References: <20040318164253.GO2246@dualathlon.random> <Pine.LNX.4.44.0403181144290.16728-100000@chimarrao.boston.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0403181144290.16728-100000@chimarrao.boston.redhat.com>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1408
Lines: 35

On Thu, Mar 18, 2004 at 11:49:52AM -0500, Rik van Riel wrote:
> It's in the RHEL3 kernel, a patch named linux-2.4.21-mlock.patch.
> 
> Basically it allows any normal process to have up to its
> current->rlim[RLIMIT_MEMLOCK].rlim_cur memory locked.
> Root can configure, in /etc/security/limits.conf, how much 
> memory the processes of each user are allowed to mlock.
> 
> Processes with CAP_IPC_LOCK set can mlock as much as they
> want, unrestricted by the limit.
> 
> Last year at the kernel summit, Linus seemed pretty happy
> with this approach.  I think Wim Coekaerts at Oracle has
> ported the patch to 2.6 already...
> 
> I suspect the security paranoid will like this patch too,
> because it allows gnupg to mlock the memory it wants to
> have locked.

I agree.

> Now it just needs to be submitted to Andrew and Linus ;)

could somebody submit it to me too? ;) otherwise I'll have to search for
some big rpm.

what I was thinking about was more basic without checking the rlimits,
certainly I agree using the rlimits is a very nice bonus (though the
code is a bit more complicated, and it won't be a one liner in
remap_file_pages as I was hoping for ;).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/