Re: [patch 11/54] mm: introduce memfd_secret system call to create "secret" memory areas

* Linus Torvalds | 2021-07-08 11:38:51 [-0700]:

Hello Mike, Linus

>> This feature is off by default and should be explicitly enabled by a system
>> administrator.
>>
>> When it is enabled, a user cannot exceed RLIMIT_MEMLOCK.

Just an idea/proposal:

this feature could be granted based on capabilities (a new or an existing one,
hopefully not CAP_SYS_ADMIN). Capabilities would provide a very convenient,
simple and fine-grained way to use this, at least from a user perspective. Or
am I forgetting something, Mike?

If a capability is the way to go, I think RLIMIT_MEMLOCK would also be redundant
in my view. It would be "just another parameter" which can only be set wrong
(too low or too high) and is somehow always wrong by default. But yes, it doesn't
really hurt either, so I personally wouldn't care about that knob.

Hagen