Tags: mlock

05/01/14

  07:00:00 pm, by The Dreamer   , 312 words  
Categories: Software, FreeBSD

gnome-keyring-daemon: couldn't allocate secure memory to keep passwords and or keys from being wr itten to the disk

Keep seeing this annoying message on FreeBSD, even though back on December 20th, 2013....I had set "security.bsd.unprivileged_mlock=1" in /etc/sysctl.conf to try to finally address this problem.

The default RLIMIT_MEMLOCK resource limit is 64k, which I would think is more than sufficient.

So, it was time to research this problem in more depth.

Found that there's a DEBUG_SECURE_MEMORY define to see how much memory its trying to allocate. Which its trying to allocate some multiple of 16k blocks, which it later refers as pages. Which I seem to recall is Windows?, Solaris is 8k and most other systems are 4k (my FreeBSD system, its 4k). Well, its only trying (and failing) to mlock 16k. So, I tried overriding the constant to 4k. But, this also failed.

I had skimmed the man page, where it says:

Since physical memory is a potentially scarce resource, processes are limited in how much they can lock down. A single process can mlock() the minimum of a system-wide ``wired pages'' limit vm.max_wired and the per-process RLIMIT_MEMLOCK resource limit.

If security.bsd.unprivileged_mlock is set to 0 these calls are only available to the super-user.

Well, on my system vm.max_wired defaults to 1323555 and RLIMIT_MEMLOCK (ulimit -l) is 64.....so limit is 64k, right?

Wrong...delving into the Kernel source...I found that it first checks that the requested amount + the amount it already has doesn't exceed RLIMIT_MEMLOCK, and then that the requested amount + the amount wired system wide ("vm.stats.vm.v_wire_count") is not greater than "vm.max_wired".

Well, when I looked at vm.stats.vm.v_wire_count it was 2020311....its already got more than vm.max_wired, wired! 88|

I feel a PR coming on....

1323555 (which is about 5GB) is said to be 1/3 of some maximum. I have a 16GB system, probably not contiguous...and there's probably some amount reserved....but 2020311 is about 7.7GB.

I did a "sysctl vm.max_wired=2097152", and it took it (so put that into /etc/sysctl.conf, too.) and now gnome-keyring-daemon can start without that message.

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 5 months 1 day 22 hours 27 minutes and 57 seconds until the end of time.
And, it has been 4 years 7 months 26 days 15 hours 34 minutes and 59 seconds since The Doctor saved us all from the end of the World!

Search

August 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 1
This seal is issued to lawrencechen.net by StopTheHacker Inc.
multi-blog engine

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime