defaults: oomprotect sshd and local_unbound

Add sshd and local_unbound to the oom protected services.
syslogd is protected by default already, document it.

This was discussed on arch@, see
    https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html

sshd is protected to be able to investigate and fix oom issues on systems
which don't have out-of-band console access.
local_unbound is protected as it may be enabled for local use and without
DNS a lot grinds to a halt (including sshd).

Relnotes:		yes
MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D42544
Alexander Leidinger 2023-11-13 09:48:51 +01:00
parent a294b02fbc
commit cb57f50e64
2 changed files with 21 additions and 1 deletions


@ -318,6 +318,7 @@ ggated_config="/etc/gg.exports" # ggated(8) exports file.
ggated_flags="" # Extra parameters like which port to bind to.
ctld_enable="NO" # CAM Target Layer / iSCSI target daemon.
local_unbound_enable="NO" # Local caching DNS resolver
local_unbound_oomprotect="YES" # Don't kill local_unbound when swap space is exhausted.
local_unbound_tls="NO" # Use DNS over TLS
blacklistd_enable="NO" # Run blacklistd daemon (YES/NO).
blacklistd_flags="" # Optional flags for blacklistd(8).
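
Review bot: local_unbound_oomprotect="YES" exempts a network-facing resolver from the out-of-memory killer, so when local_unbound is itself the process that is growing, memory will be reclaimed from other services instead. The inline comment only says "Don't kill local_unbound when swap space is exhausted."; consider wording it so that this trade-off is visible to someone reading the defaults file, since the variable is set even though local_unbound_enable stays "NO".
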
@ -364,6 +365,7 @@ pppoed_provider="*" # Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
pppoed_interface="em0" # The interface that pppoed runs on.
sshd_enable="NO" # Enable sshd
sshd_oomprotect="YES" # Don't kill sshd when swap space is exhausted.
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
ftpd_enable="NO" # Enable stand-alone ftpd.
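
Review bot: the comment on sshd_oomprotect does not say whether the protection covers only the listening daemon or also the per-connection processes an administrator's login session runs in. The stated goal is being able to log in and investigate during memory exhaustion, so the comment (or the man page entry) should state the scope of "YES" explicitly.
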


@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 18, 2023
.Dd November 13, 2023
.Dt RC.CONF 5
.Os
.Sh NAME
@ -2318,6 +2318,12 @@ If set to
run the
.Xr syslogd 8
daemon.
Note, the
.Va syslogd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va syslogd_program
.Pq Vt str
Path to
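
Review bot: the syslogd_oomprotect note is appended to the text of the enable variable instead of getting its own ".It Va syslogd_oomprotect" entry, and it never says what the variable does. Either add a dedicated entry or point the reader to where the generic oomprotect behaviour is documented, so the name in ".Va" is not a dead end.
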
@ -2381,6 +2387,12 @@ If set to
run the
.Xr unbound 8
daemon as a local caching DNS resolver.
Note, the
.Va local_unbound_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va nscd_enable
.Pq Vt bool
Set to
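
Review bot: the local_unbound note records the default but not the reason for it. The commit message explains that without DNS a lot grinds to a halt, including sshd; one sentence to that effect after ".Pa /etc/defaults/rc.conf ." would let an administrator judge whether the default suits a host that does not depend on the local resolver.
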
@ -3840,6 +3852,12 @@ Set to
to start
.Xr sshd 8
at system boot time.
Note, the
.Va sshd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va sshd_flags
.Pq Vt str
If
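
Review bot: the sshd note states that sshd_oomprotect defaults to "YES" but not how to opt out. Since this changes behaviour on existing systems after an upgrade, the text should say that the default can be overridden in rc.conf and which value turns the protection off.
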