On Wed, Jul 7, 2021 at 10:22 PM Mike Rapoport <rppt@xxxxxxxxxxxxx> wrote:
>
> This feature is off by default and should be explicitly enabled by a system
> administrator.

I really don't think that matters, since people would go "oh, I want
secretmem" without being aware of the consequences.

But:

> When it is enabled, a user cannot exceed RLIMIT_MEMLOCK.

I had missed that, even though it was mentioned in the long commit
description. I just read the patch, and was looking at the
secretmem_file_create() and missed how the limit was there in the
mmap path.

So I'm fine with this.

I still suspect that the "don't hibernate" should maybe at least alert
the sysadmin about *why* the hibernate failed, but let's see if that
ends up being an actual problem.

Linus