Protect process from OOM killer in Jail

[sipopo]

Hi,

Does anybody know how to protect daemon in jail from OOM Killer?
I tried to set mysql_oomprotect to YES in rc.conf in Jail but it doesn't work.

Thaks

 

[SirDice]

Does anybody know how to protect daemon in jail from OOM Killer?

Yes, simple. Don't run out of memory.

 

[_martin]

The OOM protection is done by procctl(2) in the background used by the protect(1) command. This tracing is not allowed in jails for security reasons.

If you're running out of memory you have bigger issues. But let's say you have a corner case where you are testing something and you do want to achieve what you've asked. From top of my head I'd say run the protect command on host as follows # protect -p $<pid of mysql daemon>.

 

[0mp]

The OOM protection is done by procctl(2) in the background used by the protect(1) command. This tracing is not allowed in jails for security reasons.

It is documented now in protect(1) (see https://cgit.freebsd.org/src/commit/?id=6452fb1e87ed9d00b52fa1e63e7c3a7516c9586c).

This behavior may change, however. FreeBSD developers are considering adding a way to enable the use of procctl(2) in jails.

 

[jbo@]

The bugs section of protect(1) states:

BUGS
If you protect a runaway process that allocates all memory the system
will deadlock.

Is that really a bug? There's not much one can do in such a situation, right? It's basically inevitable?
It certainly doesn't seem to be a bug of protect(1) itself (if the answers to the last two questions above are "yes").

 

[0mp]

Is that really a bug?

Per mdoc(7):

           BUGS
           Known bugs, limitations, and work-arounds should be described in
           this section.

The "BUGS" section title is a bit confusing nowadays, yes.