Dmitry Pryanishnikov wrote:
> On Sat, 4 Mar 2006, Peter Jeremy wrote:
>> Once you've received this message, the OS is free to kill your
>> processes until it frees up some swap (which it can't do if you don't
>> have any). I suggest you have a quick look through vm/swap_pager.c
>> and vm/vm_pageout.c, looking at swap_pager_full and swap_pager_almost_full.
>
> This is still a concern for me. IMHO it would be useful to have the ability
> to disable process killing due to the lack of swap, because having this
> enabled on e.g. a transit router can lead to a very unpleasant scenario. Imagine
> someone DoS-attacks its sshd, and the kernel kills the process with the largest
> RSS - it could e.g. be a vital part of the routing software (zebra/ripd/bgpd),
> and killing this process will render our router unreachable and unusable!
>
> Sincerely, Dmitry

My suggestion would then be to utilize resource limits in /etc/login.conf for the sshd user (in your example) or other user accounts for applications that you don't want running out of control. See login.conf(5) and login_cap(3) for more details on this. In particular, the datasize, stacksize, memoryuse, and vmemoryuse options may be of benefit.

-Proto
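
A login class using the four capabilities named in the reply above, as an added example that is not part of the original message. The class name `restricted` and every limit value are constructed for illustration and would need tuning for the account and workload in question.

```conf
# /etc/login.conf fragment (constructed example; class name and values are assumptions)
#
# datasize    caps the process data segment
# stacksize   caps the process stack
# memoryuse   caps resident memory per process
# vmemoryuse  caps total virtual address space per process
restricted:\
	:datasize=64M:\
	:stacksize=8M:\
	:memoryuse=64M:\
	:vmemoryuse=128M:\
	:tc=default:
```

After editing the file, rebuild the capability database with `cap_mkdb /etc/login.conf` and assign the class to an account with `pw usermod <user> -L restricted`. The limits take effect for sessions started after the change.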