Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32915

Set CAP_IPC_LOCK capability in Linux packages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 4.1 Desired
    • Component/s: Packaging
    • Labels:

      Description

      MongoDB mlocks some memory for authentication and the encrypted storage engine. The amount it can lock is dependent on a ulimit. However, this only applies to 'unprivileged' processes. A process with the CAP_IPC_LOCK capability flag set on its binary can mlock an unlimited amount of memory, regardless of the environment it was executed in. This seems to be what we want MongoDB to be able to do: use as much mlocked memory as is required.

      To make this work, we should add CAP_IPC_LOCK to mongo, mongod, and mongos in our RPM and deb installers. RPM seems to have a macro called %caps for setting capabilities. deb probably has something similar.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-build Backlog - Build Team
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: