[PATCH] make nginx not swappable

Andrew Punch apunch at brandscreen.com
Thu May 22 22:59:47 UTC 2014

Alternatively you can set the per-process swappiness using cgroups.

On 23 May 2014 08:39, Andrew Punch <apunch at brandscreen.com> wrote:

> Encrypt your swap partition then or disable it. A very minimal area of
> memory where any keys are stored or in the ssl library where encryption
> takes place should be non-swappable but keeping everything in memory means
> you're doing it wrong.
> If you really must do it for yourself, I don't see why patching a single
> mlockall() into the right place is so onerous. Also you haven't provided
> the ability to do this on other platforms e.g. Windows.
> I don't think this patch is worth pursuing. If you want to do it yourself,
> that's fine but I don't want this unnecessary complexity on any servers I
> run.


This e-mail and any attachments are confidential and may contain copyright 
material of Brandscreen or third parties. If you are not the intended 
recipient of this email you should not read, print, re-transmit, store or 
act in reliance on this e-mail or any attachments, and should destroy all 
copies of them. Brandscreen does not guarantee the integrity of any emails 
or any attached files. The views or opinions expressed are the author's own 
and may not reflect the views or opinions of Brandscreen.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140523/a2e478a4/attachment.html>

More information about the nginx-devel mailing list