memlockd - daemon to lock files in memory with mlock
memlockd [ -c config-file ] [ -d ] [ -u user ]
This manual page documents briefly the memlockd command.
It is used to lock system programs and config files in memory so that
if a DOS attack is experienced then the chance of the sys-admin
regaining control of the system in a reasonable amount of time (and
therefore having a reasonable chance of discovering the cause of the
problem) is significantly increased.
The -c option is used to specify the fully-qualified path name to a
config file that lists the names of files to lock, if the config file
is not specified then it will default to /etc/memlockd.cfg.
The -d option specifies debugging mode, the program will not fork and
will produce it’s logging messages on stderr instead of via syslog.
The -u option specifies the name of a user to use for running ldd (for
recursive operation). Note that locking shared objects that are
writable by non-root is not safe, but using a different UID will reduce
The config file will contain a number of fully qualified names of files
to lock in RAM. When locking shared objects and ELF binaries it is
possible to prefix the file name with a + character to indicate that
memlockd should recursively lock all shared objects that the program
requires and all shared objects that those objects require.
memlockd was written by Russell Coker <firstname.lastname@example.org>