Man Linux: Main Page and Category List

NAME

       memlockd - daemon to lock files in memory with mlock

SYNOPSIS

       memlockd [ -c config-file ] [ -d ] [ -u user ]

DESCRIPTION

       This manual page documents briefly the memlockd command.

       It  is  used to lock system programs and config files in memory so that
       if a DOS attack  is  experienced  then  the  chance  of  the  sys-admin
       regaining  control  of  the  system in a reasonable amount of time (and
       therefore having a reasonable chance of discovering the  cause  of  the
       problem) is significantly increased.

OPTIONS

       The  -c  option  is  used to specify the fully-qualified path name to a
       config file that lists the names of files to lock, if the  config  file
       is not specified then it will default to /etc/memlockd.cfg.

       The  -d  option specifies debugging mode, the program will not fork and
       will produce it’s logging messages on stderr instead of via syslog.

       The -u option specifies the name of a user to use for running ldd  (for
       recursive  operation).   Note  that  locking  shared  objects  that are
       writable by non-root is not safe, but using a different UID will reduce
       the risk.

       The config file will contain a number of fully qualified names of files
       to lock in RAM.  When locking shared objects and  ELF  binaries  it  is
       possible  to  prefix  the file name with a + character to indicate that
       memlockd should recursively lock all shared objects  that  the  program
       requires and all shared objects that those objects require.

       SEE ALSO
              mlock(2), mmap(1).

AUTHOR

       memlockd was written by Russell Coker <russell@coker.com.au>

                                                                   memlockd(8)