[PATCH] make nginx not swappable

Marcin Strągowski marcin.stragowski at adpilot.pl
Wed May 21 20:48:58 UTC 2014


> I like neither the functionality nor the patch.
 
> Trivial solution to the original problem would be to just disable 
> swap on the system (and you'll have to disable dumps and 
> hibernation as well).

This is not solving our problem - we would still like to have the possibility to swap some other processes on the system (there are also other services on the same machines, and this is a frequent scenario in RTB systems).

> Better approach would be to store keys in a special secure 
> allocation, locked and with guard pages.  Akamai recently tried to 
> provide a patch for OpenSSL for this, see thread here:

> http://thread.gmane.org/gmane.comp.encryption.openssl.user/51243

That's nice - thank you - I will look at this :)

Still, I believe there is a use case for our patch - for example, in a system like ours, where there are a few processes that could make the machine swap - we're still holding nginx out of swap so it's still responsive, which for our systems is crucial.

If there's something wrong with the patch itself - I can always fix it.
-- 
Maxim Dounin
http://nginx.org/
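
The "secure allocation, locked and with guard pages" suggested in the quoted reply, shown for Linux as an added example; it is not code from this thread, from nginx, or from the Akamai OpenSSL patch. The names `secure_alloc`, `secure_free` and `require_lock` are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* MAP_ANONYMOUS, MADV_DONTDUMP */
#endif
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helpers (assumed names, not an nginx or OpenSSL API).
 * Layout: [guard page][data pages, mlock'ed][guard page] */
static size_t round_up(size_t n, size_t page) {
    return (n + page - 1) / page * page;
}

/* require_lock != 0: fail closed when mlock() is refused (e.g. RLIMIT_MEMLOCK). */
void *secure_alloc(size_t len, int require_lock) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (len > SIZE_MAX - 3 * page)           /* size arithmetic would overflow */
        return NULL;
    size_t data = round_up(len ? len : 1, page);
    unsigned char *base = mmap(NULL, data + 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    unsigned char *p = base + page;
    /* Only the middle becomes accessible; both neighbours stay PROT_NONE. */
    if (mprotect(p, data, PROT_READ | PROT_WRITE) != 0 ||
        (mlock(p, data) != 0 && require_lock)) {
        munmap(base, data + 2 * page);
        return NULL;
    }
#ifdef MADV_DONTDUMP
    (void)madvise(p, data, MADV_DONTDUMP);   /* keep keys out of core dumps */
#endif
    return p;
}

void secure_free(void *ptr, size_t len) {
    if (ptr == NULL)
        return;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = round_up(len ? len : 1, page);
    volatile unsigned char *v = ptr;
    for (size_t i = 0; i < data; i++)        /* wipe before unmapping */
        v[i] = 0;
    munmap((unsigned char *)ptr - page, data + 2 * page); /* also drops the lock */
}
```

Only the key pages are pinned, so other processes on the machine remain swappable; this does not cover hibernation images, which the quoted reply lists separately.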
