[PATCH] make nginx not swappable
Andrew Punch
apunch at brandscreen.com
Thu May 22 22:59:47 UTC 2014
Alternatively you can set the per-process swappiness using cgroups.
http://unix.stackexchange.com/questions/10214/per-process-swapiness-for-linux#10227
On 23 May 2014 08:39, Andrew Punch <apunch at brandscreen.com> wrote:
> Encrypt your swap partition then or disable it. A very minimal area of
> memory where any keys are stored or in the ssl library where encryption
> takes place should be non-swappable but keeping everything in memory means
> you're doing it wrong.
>
> If you really must do it for yourself, I don't see why patching a single
> mlockall() into the right place is so onerous. Also you haven't provided
> the ability to do this on other platforms e.g. Windows.
>
> I don't think this patch is worth pursuing. If you want to do it yourself,
> that's fine but I don't want this unnecessary complexity on any servers I
> run.
>
--
NOTICE
This e-mail and any attachments are confidential and may contain copyright
material of Brandscreen or third parties. If you are not the intended
recipient of this email you should not read, print, re-transmit, store or
act in reliance on this e-mail or any attachments, and should destroy all
copies of them. Brandscreen does not guarantee the integrity of any emails
or any attached files. The views or opinions expressed are the author's own
and may not reflect the views or opinions of Brandscreen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140523/a2e478a4/attachment.html>
More information about the nginx-devel
mailing list