Index: usr.bin/Makefile
===================================================================
--- usr.bin/Makefile (revision 253202)
+++ usr.bin/Makefile (working copy)
@@ -131,6 +131,7 @@
 printenv \
 printf \
 procstat \
+ protect \
 rctl \
 renice \
 rev \
Index: usr.bin/protect/Makefile
===================================================================
--- usr.bin/protect/Makefile (revision 0)
+++ usr.bin/protect/Makefile (working copy)
@@ -0,0 +1,8 @@
+# $FreeBSD $
+
+PROG= protect
+WARNS?= 6
+
+CFLAGS+= -I/home/jhb/work/p4/proc
+
+.include
Property changes on: usr.bin/protect/Makefile
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: usr.bin/protect/protect.1
===================================================================
--- usr.bin/protect/protect.1 (revision 0)
+++ usr.bin/protect/protect.1 (working copy)
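Review bot: In usr.bin/protect/Makefile, `CFLAGS+= -I/home/jhb/work/p4/proc` points the compiler at one developer's home directory, so the build is not reproducible on any other host, and wherever that path does exist headers are resolved from a user-writable tree ahead of the source tree. The line should be dropped before this is committed; it appears to pair with the temporary `#if 1` procctl2 shim in protect.c, which would go with it. As shown, the `# $FreeBSD $` tag also contains a space, so the keyword would not expand; `# $FreeBSD$` is the usual form.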
@@ -0,0 +1,66 @@
+.\" XXX: License
+.\"
+.\" $FreeBSD$
+.\"
+.Dd May 7, 2013
+.Dt PROTECT 1
+.Os
+.Sh NAME
+.Nm protect
+.Nd "protect processes from being killed when swap space is exhausted"
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Ar command
+.Nm
+.Op Fl cdi
+.Fl g Ar pgrp | Fl p Ar pid
+.Sh DESCRIPTION
+The
+.Nm
+command is used to mark processes as protected.
+The kernel does not kill protected processes when swap space is exhausted.
+Note that this protected state is not inherited by child processes by default.
+.Pp
+The options are:
+.Bl -tag -width indent
+.It Fl c
+Remove protection from the specified processes.
+.It Fl d
+Apply the operation to all current children of the specified processes.
+.It Fl i
+Apply the operation to all future children of the specified processes.
+.It Fl g Ar pgrp
+Apply the operation to all processes in the specified process group.
+.It Fl p Ar pid
+Apply the operation to the specified process.
+.It Ar command
+Execute
+.Ar command
+as a protected process.
+.El
+.Pp
+Note that only one of the
+.Fl p
+or
+.Fl g
+flags may be specified when adjusting the state of existing processes.
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+Mark the Xorg server as protected:
+.Pp
+.Dl "pgrep Xorg | xargs protect -p"
+Protect all ssh sessions and their child processes:
+.Pp
+.Dl "pgrep sshd | xargs protect -dip"
+Remove protection from all current and future processes:
+.Pp
+.Dl "protect -cdi -p 1"
+.Sh SEE ALSO
+.Xr pprotect 2
+.Sh BUGS
+If you protect a runaway process that allocates all memory the system will
+deadlock.
+.Pp
+Inheritance of the protected state is not yet implemented.
Property changes on: usr.bin/protect/protect.1
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: usr.bin/protect/protect.c
===================================================================
--- usr.bin/protect/protect.c (revision 0)
+++ usr.bin/protect/protect.c (working copy)
@@ -0,0 +1,111 @@
+/*-
+ * XXX: License
+ */
+
+#include
+__FBSDID("$FreeBSD");
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#if 1
+#include
+
+static __inline int
+procctl2(idtype_t idtype, id_t id, int com, void *data)
+{
+ return (syscall(SYS_procctl, idtype, id, com, data));
+}
+
+#define procctl procctl2
+#endif
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: protect [-i] command\n");
+ fprintf(stderr, " protect [-cdi] -g pgrp | -p pid\n");
+ exit(1);
+}
+
+static id_t
+parse_id(char *id)
+{
+ static bool first = true;
+ long value;
+ char *ch;
+
+ if (!first) {
+ warnx("only one -g or -p flag is permitted");
+ usage();
+ }
+ value = strtol(id, &ch, 0);
+ if (*ch != '\0') {
+ warnx("invalid process id");
+ usage();
+ }
+ return (value);
+}
+
+int
+main(int argc, char *argv[])
+{
+ idtype_t idtype;
+ id_t id;
+ int ch, flags;
+ bool descend, inherit, idset;
+
+ idtype = P_PID;
+ id = getpid();
+ flags = PPROT_SET;
+ descend = inherit = idset = false;
+ while ((ch = getopt(argc, argv, "cdig:p:")) != -1)
+ switch (ch) {
+ case 'c':
+ flags = PPROT_CLEAR;
+ break;
+ case 'd':
+ descend = true;
+ break;
+ case 'i':
+ inherit = true;
+ break;
+ case 'g':
+ idtype = P_PGID;
+ id = parse_id(optarg);
+ idset = true;
+ break;
+ case 'p':
+ idtype = P_PID;
+ id = parse_id(optarg);
+ idset = true;
+ break;
+ }
+ argc -= optind;
+ argv += optind;
+
+ if ((idset && argc != 0) || (!idset && (argc == 0 || descend)))
+ usage();
+
+ if (descend)
+ flags |= PPROT_DESCEND;
+ if (inherit)
+ flags |= PPROT_INHERIT;
+ if (procctl(idtype, id, PROC_SPROTECT, &flags) == -1)
+ err(1, "procctl");
+
+ if (argc != 0) {
+ errno = 0;
+ execvp(*argv, argv);
+ err(errno == ENOENT ? 127 : 126, "%s", *argv);
+ }
+ return (0);
+}
Property changes on: usr.bin/protect/protect.c
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
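Review bot: In parse_id() of protect.c the `static bool first` guard is never cleared, so the "only one -g or -p flag is permitted" check cannot fire and a second -g or -p silently replaces the first target; add `first = false;` right after the check. The strtol() result is also accepted when optarg is empty (`ch == id`) and is converted to id_t with no sign or ERANGE test, so the condition would be safer as `if (ch == id || *ch != '\0' || value < 0)`. In main() the getopt switch has no `default:` arm, so an unrecognised option is ignored instead of reaching usage(); add `default: usage();`. Because this tool exempts processes from the out-of-swap kill, a malformed argument should fail closed rather than act on an id the operator did not intend.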