(sd-pam) process is a CoW trap. Garbage data puts unnecessary pressure on virtual memory. #8081
systemd version the issue has been seen with
code seen in master
I've been overloading my RAM a bit lately.
StackOverflow has a one-liner to print per-process swap usage. I notice that
This is basically all going to be dead memory as far as
Yes, this is a known problem, and there has been a TODO list item about this for a while, but it's really hard to fix this, and PAM isn't really making things easy here...
To fix this we'd have to split exec_child() in two, and the part from the setup_pam() invocation on would need to be compiled into a separate binary that we can execve() first here, in order to release the cow copies of PID1's memory... But to make that work we'd have to pass all that context info we need over the execve(), and we'd ideally do that in a fashion that for the non-PAM case we'd avoid this extra execve() thing... And that's frickin' awful...
As you say, PAM doesn't fit into exec_child() very nicely. But
and suggest anyone else consider
It's great to have service files declaratively dropping privileges. But maybe we can give up on fitting arbitrary plugins into the sequence.
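
An added example, not part of the original thread or of systemd: a Python version of the per-process swap check mentioned in the first comment, summing `VmSwap` from `/proc/<pid>/status` per process name so the swap held by `(sd-pam)` processes can be compared with PID 1. The sample status bodies are constructed, and the code assumes the process name appears in `/proc` as `(sd-pam)`, as in the issue title.

```python
import glob
from collections import defaultdict

# Constructed sample of /proc/<pid>/status bodies (not captured from a real host).
SAMPLE_STATUS = {
    "1": "Name:\tsystemd\nPid:\t1\nVmRSS:\t    9000 kB\nVmSwap:\t    1200 kB\n",
    "812": "Name:\t(sd-pam)\nPid:\t812\nVmRSS:\t     300 kB\nVmSwap:\t    2100 kB\n",
    "1450": "Name:\t(sd-pam)\nPid:\t1450\nVmRSS:\t     280 kB\nVmSwap:\t    1900 kB\n",
    "77": "Name:\tkworker/0:1\nPid:\t77\n",  # kernel thread: no Vm* fields
}

def parse_status(text):
    """Return (name, swap_kib) from one /proc/<pid>/status body."""
    name, swap = "?", 0
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "VmSwap":
            swap = int(value.split()[0])  # value looks like "<n> kB"
    return name, swap

def swap_by_name(status_texts):
    """Sum VmSwap (in kB as reported by the kernel) per process name."""
    totals = defaultdict(int)
    for text in status_texts:
        name, swap = parse_status(text)
        totals[name] += swap
    return dict(totals)

def read_live_status():
    """Yield the status body of every process on this host (Linux only)."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue  # process exited between the glob and the read

if __name__ == "__main__":
    totals = swap_by_name(read_live_status())
    for name, kib in sorted(totals.items(), key=lambda kv: -kv[1])[:15]:
        print(f"{kib:>10} kB  {name}")
    print("(sd-pam) total:", totals.get("(sd-pam)", 0), "kB")
```
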