File: memlockd.8

package info (click to toggle)
memlockd 1.3.1-2
  • links: PTS
  • area: main
  • in suites: forky, sid, trixie
  • size: 104 kB
  • sloc: cpp: 451; sh: 83; makefile: 11
file content (53 lines) | stat: -rw-r--r-- 2,328 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
.TH memlockd 8
.SH NAME
memlockd \- daemon to lock files in memory with mlock
.SH SYNOPSIS
\f3memlockd\f1 [ \f3\-c config-file\f1 ] [ \f3\-d\f1 ] [ \f3\-f\f1 ] [ \f3\-u user\f1 ]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B memlockd
command.
.P
It is used to lock system programs and config files in memory so that if a
DOS attack is experienced then the chance of the sys\-admin regaining
control of the system in a reasonable amount of time (and therefore having
a reasonable chance of discovering the cause of the problem) is significantly
increased.
.SH OPTIONS
The \f3\-c\f1 option is used to specify the fully-qualified path name to a
config file that lists the names of files to lock, if the config file is not
specified then it will default to \f3/etc/memlockd.cfg\f1. In any situation
where a config file is used a directory can be used instead, for a directory
every file ending in ".cfg" will be processed.

The \f3\-d\f1 option specifies debugging mode, the program will not fork
and will produce it's logging messages on stderr instead of via syslog.

The \f3\-f\f1 option specifies foreground (non-daemon) mode, the program will
not fork but will still log normally.

The \f3\-u\f1 option specifies the name of a user to use for running ldd (for
recursive operation).  Note that locking shared objects that are writable by
non\-root is not safe, but using a different UID will reduce the risk.

The config file will contain a number of fully qualified names of files to
lock in RAM.  When locking shared objects and ELF binaries it is possible to
prefix the file name with a \f3+\f1 character to indicate that memlockd should
recursively lock all shared objects that the program requires and all shared
objects that those objects require. When a file not found error doesn't matter
(EG you want a single config file to have the file names for multiple
architectures or systems) you can prefix the file name with a \f3?\f1
character, in that case errors such as EPERM will still be logged.

If a line in the config file starts with a \f3%\f1 character it will be taken
as the name of a config file or directory to process.  Currently only one
level of recursion is accepted.

.TP
.SH SEE ALSO
.BR mlock (2),
.BR mmap (1).
.br
.SH AUTHOR
memlockd was written by Russell Coker <russell@coker.com.au>