NAME
memlockd - daemon to lock files in memory with mlock
SYNOPSIS
memlockd [ -c config-file ] [ -d ] [ -u user ]
DESCRIPTION
This manual page briefly documents the memlockd command.
It is used to lock system programs and config files in memory so that
if a DoS attack is experienced then the chance of the sys-admin
regaining control of the system in a reasonable amount of time (and
therefore having a reasonable chance of discovering the cause of the
problem) is significantly increased.
OPTIONS
The -c option is used to specify the fully-qualified path name to a
config file that lists the names of files to lock. If the config file
is not specified then it will default to /etc/memlockd.cfg.
The -d option specifies debugging mode: the program will not fork and
will produce its logging messages on stderr instead of via syslog.
The -u option specifies the name of a user to use for running ldd (for
recursive operation). Note that locking shared objects that are
writable by non-root is not safe, but using a different UID will reduce
the risk.
The config file will contain a number of fully qualified names of files
to lock in RAM. When locking shared objects and ELF binaries it is
possible to prefix the file name with a + character to indicate that
memlockd should recursively lock all shared objects that the program
requires and all shared objects that those objects require.
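The following is an added example, not part of memlockd or of the original manual page: a pre-flight audit of a config file in the format described above, flagging entries that are not fully qualified, are missing, or are writable by non-root. The function name, the blank-line handling and the treatment of group-writable files as unsafe are assumptions of this example.

```python
import os
import stat
import tempfile

def audit_memlockd_config(cfg_text, trusted_uids=(0,)):
    """Return a list of (path, problem) for entries that are risky to lock."""
    findings = []
    for raw in cfg_text.splitlines():
        entry = raw.strip()
        if not entry:
            continue  # assumption: blank lines carry no entry
        # A leading "+" asks memlockd to lock required shared objects too.
        path = entry[1:] if entry.startswith("+") else entry
        if not os.path.isabs(path):
            findings.append((path, "not a fully qualified path"))
            continue
        try:
            st = os.stat(path)  # follows symlinks, so the real target is checked
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by uid %d" % st.st_uid))
        # Conservative: any group or other write bit counts as non-root writable.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group- or world-writable"))
    return findings

def demo():
    """Constructed sample: two temp files and a config text that lists them."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "good.so")
    bad = os.path.join(workdir, "bad.so")
    for name, mode in ((good, 0o644), (bad, 0o666)):
        with open(name, "wb") as fh:
            fh.write(b"\x7fELF")
        os.chmod(name, mode)
    cfg = "%s\n+%s\n\nrelative/path\n%s/missing\n" % (good, bad, workdir)
    # The demo trusts the current uid so it runs without root.
    return audit_memlockd_config(cfg, trusted_uids=(os.getuid(),)), good, bad

if __name__ == "__main__":
    with open("/etc/memlockd.cfg") as fh:  # default path from the -c description
        for path, problem in audit_memlockd_config(fh.read()):
            print("%s: %s" % (path, problem))
```

The audit covers only the files named in the config; shared objects pulled in by a + entry are resolved by memlockd itself and are not checked here.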
SEE ALSO
mlock(2), mmap(1).
AUTHOR
memlockd was written by Russell Coker <russell@coker.com.au>
memlockd(8)