On Fri, Dec 18, 1998 at 08:43:14AM +0200, Lucio de Re wrote:
> Perhaps one can have a newer version of update(8) that also monitors 
> for the high-water mark signal.  If no such process can be notified 
> (hm, I must confess I'm out of my depth here, but it seems to me that 
> the new update(8) would log itself as a handler for an otherwise 
> ignored interrupt, alternatively, it can just open a special 
> notification pipe), then the system merely refuses to load any non-root 
> application whatsoever

Umm.. I'm just thinking of the situation where I have a server 400 km from
here, running out of swap and only allowing new root processes to run..
and the systems I configure never allow root logins from network.. so I
can't log in to kill the memory hogs.. ;-)  It would help if I could
allow some user like "operator" to have the same memory allocation
privileges as root, so I could log in, su to root and kill something.

But if the killer process does its job well, this is not necessary..

> As for allowing the high-water mark to be altered, this should not be 
> possible once the high-water mark has been reached (except to shrink 
> it, perhaps) because managing the logistics at this point seems very 
> messy.

I meant it should be alterable at boot time, at least.  (Of course, a
well chosen default value might help, too.. something like 95% of swap,
with at least N megs and maximum of M megs of root headroom..  I guess
this depends so much on the needs that the default values wouldn't suit
for everyone.)

  -jm