On Fri, Mar 02, 2007 at 06:09:22PM +0100, Tobias Ulmer wrote: > On Fri, Mar 02, 2007 at 11:25:11AM +0100, Mechiel Lukkien wrote: > > Hi all, > > > > It seems mlock does not work on OpenBSD/i386 for non-root users. On other > > archs it might work as non-root (looking at the code), but I don't have > > a machine to test. It seems this has existed for a long time: > > > > [ ... ] > > >From http://www.opengroup.org/onlinepubs/009695399/functions/mlock.html > > "The appropriate privilege is required to lock process memory with > mlock()" > > So getting an EPERM is the norm if your're a normal user on most OS.
true, but EPERM isn't listed in mlock(2). manual pages on openbsd tend to describe behaviour exactly. i haven't tried on other bsd's, but on linux a normal user is allowed to lock memory. i would think locking a maximum of 0 pages by default through rlimit would be okay, than an rlimit (e.g. in login.conf for one user) could be set higher to allow actual pages to be locked. besides, it seems other archs than i386 do allow mlock-ing. i am not very sure about that though. > You didn't ask for it, but let me guess. You want to protect some super > secret data from being swaped out to disk. OpenBSD does have encrypted > swap enabled by default. nopes, i know openbsd has encrypted swap. i am using a large amount of memory to do fast randomly distributed lookups in a big table. the table cannot be on disk (or paged out), that would mean one more random disk access. regards, mechiel
