Page MenuHomeFreeBSD
Differential D42544

oomprotect sshd and local_unbound + documentation (incl. syslogd)
ClosedPublic
Actions

Authored by netchild on Nov 10 2023, 9:06 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 4, 4:16 AM
Unknown Object (File)
Mon, Nov 4, 4:16 AM
Unknown Object (File)
Mon, Nov 4, 4:16 AM
Unknown Object (File)
Mon, Nov 4, 4:16 AM
Unknown Object (File)
Mon, Nov 4, 3:54 AM
Unknown Object (File)
Thu, Oct 24, 4:19 AM
Unknown Object (File)
Sep 30 2024, 4:40 PM
Unknown Object (File)
Sep 8 2024, 11:45 AM
View All 47 Files
Subscribers
freebsd_igalic.co
gbe
imp

Details

Reviewers
philip
bcr
freebsd_igalic.co
Commits
rGcb57f50e6404: defaults: oomprotect sshd and local_unbound
Summary

syslogd is already oomptotected (to not lose logs which may lead to the oom situation).
sshd also needs to be oomprotected for situations where there is no out-of-band console access.
The discussion in arch@ suggestedto add local_unbound too. Local services (including sshd) may rely on it when started.

This change adds sshd and local_unbound _oomprotext=YES to the defaults and documents it in (plus for syslogd) in rc.conf.5.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

netchild created this revision.Nov 10 2023, 9:06 AM
Herald added a subscriber: imp. · View Herald TranscriptNov 10 2023, 9:06 AM
netchild requested review of this revision.Nov 10 2023, 9:06 AM
netchild retitled this revision from oomprotext sshd and local_unbound + documentation (incl. syslogd) to oomprotect sshd and local_unbound + documentation (incl. syslogd).
freebsd_igalic.co accepted this revision.Nov 10 2023, 9:09 AM
freebsd_igalic.co added a subscriber: freebsd_igalic.co.

👍

This revision is now accepted and ready to land.Nov 10 2023, 9:09 AM
gbe added a subscriber: gbe.Nov 10 2023, 10:10 AM
bcr added a comment.Nov 10 2023, 10:11 AM

Typo

libexec/rc/rc.conf
321

s/oomprotext/oomprotect/

368

s/oomprotext/oomprotect/

netchild updated this revision to Diff 129935.Nov 10 2023, 11:09 AM

Fix variable names.

This revision now requires review to proceed.Nov 10 2023, 11:09 AM
netchild marked 2 inline comments as done.Nov 10 2023, 11:10 AM
bcr accepted this revision.Nov 10 2023, 1:19 PM

OK from manpages

This revision is now accepted and ready to land.Nov 10 2023, 1:19 PM
philip accepted this revision.Nov 11 2023, 2:13 AM

Looks good to me. Thank you.

Closed by commit rGcb57f50e6404: defaults: oomprotect sshd and local_unbound (authored by netchild). · Explain WhyNov 13 2023, 8:50 AM
This revision was automatically updated to reflect the committed changes.
netchild added a commit: rGcb57f50e6404: defaults: oomprotect sshd and local_unbound.

Revision Contents
Changeset List

PathSize
libexec/
rc/
2 lines
share/
man/
man5/
20 lines

Diff 130003

View Options

libexec/rc/rc.conf

Loading...
View Options

share/man/man5/rc.conf.5

Loading...