Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32915

Set CAP_IPC_LOCK capability in Linux packages

    XMLWordPrintable

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • None
    • 4.1 Desired
    • Packaging

    Description

      MongoDB mlocks some memory for authentication and the encrypted storage engine. The amount it can lock is dependent on a ulimit. However, this only applies to 'unprivileged' processes. A process with the CAP_IPC_LOCK capability flag set on its binary can mlock an unlimited amount of memory, regardless of the environment it was executed in. This seems to be what we want MongoDB to be able to do: use as much mlocked memory as is required.

      To make this work, we should add CAP_IPC_LOCK to mongo, mongod, and mongos in our RPM and deb installers. RPM seems to have a macro called %caps for setting capabilities. deb probably has something similar.

      Attachments

        Issue Links

          Activity

            People

              backlog-server-build Backlog - Build Team
              spencer.jackson@mongodb.com Spencer Jackson
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: