Re: Ideas for the oom problem

Hacksaw (hacksaw@hacksaw.org)
Wed, 28 Mar 2001 18:33:04 -0500


> --On Wednesday, March 28, 2001 09:38:04 -0500 Hacksaw <hacksaw@hacksaw.org>
> wrote:
> >
> > Deciding what not to kill based on who started it seems like a bad idea.
> > Root can start netscape just as easily as any user, but if the choice of
> > processes to kill is root's netscape or a user's experimental database,
> > I'd want the netscape to go away.
>
> root does not use netscape -FULLSTOP-

Making assumptions about what users will do is foolish.

> Anyone working as root is (sorry) an idiot! root's processes are normally
> quite system-relevant and so they should never be killed, if we can avoid
> it.

The real world intrudes. Root sometimes needs to look at documentation, which,
these days is often available as html. Sometimes it's only as html. And people
in a panic who aren't trained sys-admins aren't going to remember to log in as
someone else.

I completely agree that doing general work as root is a bad idea. I do most
root things via sudo. It sure would be nice if all the big dists supplied it
(Hey, RedHat! You listening?) as part of their normal set.

> There can however be processes owned by other users which shouldn't be
> killed in OOM-Situation, but generally root's processes are more important
> than a normal user's processes.

I'd suggest that this is going to change. Not to regular users, though, so
it's still a good point. But we should be figuring out how to compartmentalize
all our servers. Rarely do most servers need to run as root. Just login ones,
and those should be limited.

So which should die, the users experiment, or identd?

> What about doing something really critical to avoid the upcoming OOM-situ
> and get your shell killed because you were to slow?

Right. I agree that roots shell should be exempt. It may be that all shells
should be exempt, or maybe all recent shells.

Better, though, would be to establish the idea of "linchpins".

A linchpin is a process marked with a don't kill for OOM flag (a capability?).
Only those in root group should be able to start one. And darn few things
should be marked as such. Some very small shell, vi, ed, maybe a small emacs.
Just enough so that our heroic admin can gracefully ease the OOM situ by
changing a few bits of /etc or killing off a few well chosen processes.

On the other hand, a flag that says "kill me first" might be even better.

In any case, I'd certainly expect the OOM killer to sort by memory usage, and
kill off the hogs first. I assume it does that.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/