limit size of database in memory

With logbookd, a user can (I did this!) spam writes to syslog until the system memory is full. The OOM killer might end up killing logbookd to free memory.

For a good init system, this isn't too bad since logbookd will probably be restarted. You may lose log data though (e.g. if run with -r).

On systems with limited init systems, logbookd may not be restarted. In that case, a normal user was effectively allowed to disable all system logging for the current boot by causing logbookd to get OOM killed, and I don't think that's good...

Is there some way to limit the amount of data in memory?

When rotating entries in memory, it could dump old ones to disk (e.g. -r?

I think a hard limit of 10% of system RAM, where entries in memory would be rotated so it doesn't continue to grow unbounded, would be sufficient even for devices (N900) with <1GB memory... it seems unlikely the in-memory log data would approach hundreds of MB?

Assigned to
6 months ago
6 months ago
No labels applied.

~craftyguy 6 months ago

Ugh, I just discovered logbookd -g, sorry for the noise. I can't edit this todo(??!) but I think it would still be nice to have a way for entries in memory (when using -r) to be rotated to disk instead of being dropped entirely. Is this possible?

~martijnbraam 6 months ago

The issue with -r mode is that the on disk database is the exact same one as the one loaded in memory. So writing it out doesn't actually save memory.

That's the major tradeoff with -r mode. if it's using disk-backed logs without reduced write mode it's using the sqlite memory management and you'll avoid this issue. With pure in-memory mode logs are already dropped when memory limits are hit.

Register here or Log in to comment, or comment via email.