Yes, I'm not doing anything because you probably have missed the line 79: flags = PPROT_SET;

About the -s flag, I guess my comment was clear:
pgrep syslogd | xargs protect -p

Here as you can see, I need to launch and get the PID and then run protect. This turns out a bit ugly to be write on rc.subr.

So, why not take the same approach and be able to launch protect -s <command> instead of do it in 2 steps and using xargs?

I will consider your suggestion,

Yes, I'm not doing anything because the line 79 is setting the flag already.

But you are right, it is not necessary a new option on protect.

This should probably not describe ALL vs YES. Instead, the manpage should cover that.
I would also reword this to be shorter and more direct:

"Don't kill syslogd when swap space is exhausted."

I think terser (ideally one-line) descriptions are more appropriate for this file and longer descriptions should be in the man page.

I would maybe use "killer" instead of "Killer". The phrase "OOM killer" is still a bit odd. The description for protect(1) is "Protest processes from being killed when swap space is exhausted", a variant of that that you could use here would be "Protect from being killed when swap space is exhausted."

This should describe ALL vs YES.

I would drop the sentence about rc.conf. This is an entry in a section that lists various variables that can be set in /etc/rc.conf or /etc/rc.conf.d/foo. None of the other variable descriptions mention this explicitly. Instead, that is implicitly assumed for all of these variables. Earlier in the manpage the description of load_rc_config describes what config files can be used to override variables used by run_rc_command.

"swap"

"no child processes"

If
.EM ALL

"all child processes"

s/swape/swap/

"Don't kill ${command} when swap space is exhausted."

You put the full path in ${PROTECT}, so you should probably use it here like you use it below.

So wait - the idea is no longer to run the command directly via ${PROTECT}, but instead add PPROT_SET to the already-running process (and it's progeny, as needed)? Why was that change made? Doesn't that open up a window when the command is not protected?

If
.EM ALL
is used, protect all child processes.

This change was made because protect(1) doesn't work in the way as: protect command.
At the man page it seems clear:
pgrep Xorg | xargs protect -p

If you make a test with these two version of this patch and use:
ps -axwwo pid,flags,flags2,command | grep syslogd

You will see that the patch using protect command, doesn't works. So, apply the protection over the pid is the right thing to do.

That doesn't open any window for the unprotected command.

"This change was made because protect(1) doesn't work in the way as: protect command."
"At the man page it seems clear:"

I agree that the manpage is clear; I disagree what it is clear about. :-)

• protect [-i] command
• command Execute command as a protected process.

That says to me that `protect ${command}' runs the process with PPROT_SET. If that doesn't work, then either that's a bug which needs to be fixed, or the manpage needs to be corrected.

"That doesn't open any window for the unprotected command."

Sure there is:

1. Run command
2. Get command's PID
3. PID is killed
4. ${PROTECT} -p ${pid}

You still need an "is used, " here.

'proctect foo' definitely works. It's how I used this in production back when I first wrote it.

> sudo protect jot 100000000 >/dev/null
# in another window
> ps -o flags -p `pgrep jot`
       F
10104002

With syslogd(8) it doesn't work! Maybe because syslogd fork itself?:

[root@Gandigate /usr/src]# protect syslogd >/dev/null
[root@Gandigate /usr/src]# ps -o flags -p `pgrep syslogd`
       F
10000000

protect over the PID:

[root@Gandigate /usr/src]# pgrep syslogd | xargs protect -i -p
[root@Gandigate /usr/src]#  ps -o flags -p `pgrep syslogd`
       F
10100000

Correct, 'protect syslogd' will only protect the parent process which immediately exits if it is a daemon. You would either need to use 'protect -i' or you would want to do something like 'daemon protect syslogd -F' to move the fork earlier.

Neither solution is really great. If I were working on something like launchd I would want 'syslogd -F' anyway so I could know if the process died.

There definitely is a window where the process isn't protected, but it is relatively "small". Using the pid is perhaps the least evil, but I think this makes me want to replace rc.d with a real daemon manager even more.

In such case like syslogd(8), in my point of view is:

1. Forget this "global" patch and only apply the protection direct inside syslogd(8) code. I have a patch ready for this purpose.

2. Commit this patch and apply protect(1) over the PID. Knowing there is a small "window" where the process isn't protected.

What do you think?

I think 2) is ok (that is what I meant by "using the pid is perhaps the least evil"). It's not perfect, but I think it is the best option available. I think there is some value in having a general purpose protect knob.