Index: usr.sbin/syslogd/syslogd.8 =================================================================== --- usr.sbin/syslogd/syslogd.8 +++ usr.sbin/syslogd/syslogd.8 @@ -36,7 +36,7 @@ .Nd log systems messages .Sh SYNOPSIS .Nm -.Op Fl 468ACcdFkNnosTuv +.Op Fl 468ACcdFkNnoOsTuv .Op Fl a Ar allowed_peer .Op Fl b Ar bind_address .Op Fl f Ar config_file @@ -254,6 +254,10 @@ .Xr getbootfile 3 . Without this, the kernel message prefix is always .Dq Li kernel: . +.It Fl 0 +Protect +.Nm +from being killed if the system exhausts available memory and swap. .It Fl p Specify the pathname of an alternate log socket to be used instead; the default is Index: usr.sbin/syslogd/syslogd.c =================================================================== --- usr.sbin/syslogd/syslogd.c +++ usr.sbin/syslogd/syslogd.c @@ -89,6 +89,7 @@ #include #include #include +#include #include #include @@ -290,6 +291,7 @@ static int MarkInterval = 20 * 60; /* interval between marks in seconds */ static int MarkSeq; /* mark sequence number */ static int NoBind; /* don't bind() as suggested by RFC 3164 */ +static int ProtectMode = 0;/* when true, protect from OOM killer */ static int SecureMode; /* when true, receive only unix domain socks */ #ifdef INET6 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */ @@ -384,7 +386,7 @@ STAILQ_INIT(&hqueue); - while ((ch = getopt(argc, argv, "468Aa:b:cCdf:Fkl:m:nNop:P:sS:Tuv")) + while ((ch = getopt(argc, argv, "468Aa:b:cCdf:Fkl:m:nNoOp:P:sS:Tuv")) != -1) switch (ch) { case '4': @@ -481,6 +483,13 @@ case 'o': use_bootfile = 1; break; + case 'O': + /* + * Protect itself from being killed + * when swap space is exhausted. + */ + ProtectMode++; + break; case 'p': /* path */ if (strlen(optarg) >= sizeof(sunx.sun_path)) errx(1, "%s path too long, exiting", optarg); @@ -630,6 +639,11 @@ /* tuck my process id away */ pidfile_write(pfh); + if (ProtectMode) { + int p_flags = PPROT_SET; + procctl(P_PID, getpid(), PROC_SPROTECT, &p_flags); + } + dprintf("off & running....\n"); init(0);