Re: mlock and jail (Elasticsearch/Java use case)

2017-02-02 Thread GomoR
Hello, Giving mlock support to jails would also allow Elasticsearch (Java-based) to run as a jailed process. In fact, Java can use a memory optimization trick for better performances by locking a specified amount of memory. Thus, Elasticsearch has the need for such a setting to let it run at

Re: mlock and jail

2017-02-02 Thread Pavel Timofeev
2017-02-02 4:31 GMT+03:00 Xin LI : > I like this idea. > > Note that potentially your patch would make it possible for a jailed > root to DoS the whole system by locking too much of pages in memory. > I think it would be sensible to provide a per-jail flag to enable > doing it, or better, have some

Re: mlock and jail

2017-02-02 Thread Xin LI
On Thu, Feb 2, 2017 at 7:54 AM, Pavel Timofeev wrote: > 2017-02-02 4:31 GMT+03:00 Xin LI : >> I like this idea. >> >> Note that potentially your patch would make it possible for a jailed >> root to DoS the whole system by locking too much of pages in memory. >> I think it would be sensible to prov

tcpdump broken on current and64

2017-02-02 Thread Manfred Antar
tcpdump breaks buildworld since it was updated yesterday. this is on 12.0 Current amd64 r313099 kernel Here is the error: (tcpdump)5026}make ===> tcpdump (all) /usr/local/bin/ccache cc -O2 -pipe -I/usr/src/usr.sbin/tcpdump/tcpdump -I/usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump -

tcpdump broken on current and64

2017-02-02 Thread Manfred Antar
tcpdump breaks buildworld since it was updated yesterday. this is on 12.0 Current amd64 r313099 kernel Here is the error: (tcpdump)5026}make ===> tcpdump (all) /usr/local/bin/ccache cc -O2 -pipe -I/usr/src/usr.sbin/tcpdump/tcpdump -I/usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump -

RE: mlock and jail

2017-02-02 Thread Bruno Lauzé
But a simple user with no rights can mlock (64kb by default) why a jail would not be able? From: Xin LI Sent: Thursday, February 2, 2017 1:13 PM To: Pavel Timofeev Cc: Bruno Lauzé; freebsd-current

Re: mlock and jail

2017-02-02 Thread Xin LI
On Thu, Feb 2, 2017 at 1:28 PM, Bruno Lauzé wrote: > > > But a simple user with no rights can mlock (64kb by default) why a jail would > not be able? > No, I'm not, by any means, arguing against having jailed processes being able to mlock(), I'm just saying that we should have more fine grained

zfs snapshot_limit is not respected

2017-02-02 Thread Ultima
I recently moved some data on a box with limited space. I decided I should limit the snapshots so that space would not become an issue. I just check back a week later to find out the box is hitting the borderline. Doing I quick check I realized that the snapshot_limit is not being respected. # una