From b56a027638876133cbec63c0ee0262507aae713b Mon Sep 17 00:00:00 2001
From: zont <zont@FreeBSD.org>
Date: Tue, 18 Dec 2012 07:27:50 +0000
Subject: - Set memorylocked limit to 64Kb for default login class.   This
 prevents unprivileged users to lock too much memory. - Set memorylocked limit
 to 64Mb for daemon login class.   Some daemons such as amd(8) and
 watchdogd(8) calls mlockall(2) on   startup, they are run from init(8) which
 uses daemon login class. - Set memorylocked limit to unlimited for root login
 class.

Suggested by:	avg
Approved by:	kib (mentor)
MFC after:	1 week
---
 etc/login.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/login.conf b/etc/login.conf
index c62687a..92826c4 100644
--- a/etc/login.conf
+++ b/etc/login.conf
@@ -32,7 +32,7 @@ default:\
 	:cputime=unlimited:\
 	:datasize=unlimited:\
 	:stacksize=unlimited:\
-	:memorylocked=unlimited:\
+	:memorylocked=64K:\
 	:memoryuse=unlimited:\
 	:filesize=unlimited:\
 	:coredumpsize=unlimited:\
@@ -59,6 +59,7 @@ xuser:\
 staff:\
 	:tc=default:
 daemon:\
+	:memorylocked=64M:\
 	:tc=default:
 news:\
 	:tc=default:
@@ -72,6 +73,7 @@ dialer:\
 #       in preference to 'default'.
 root:\
 	:ignorenologin:\
+	:memorylocked=unlimited:\
 	:tc=default:
 
 #
-- 
cgit v1.1