# Protect process from OOM killer in Jail



## sipopo (Jul 21, 2021)

Hi, 

Does anybody know how to protect daemon in jail from OOM Killer?
I tried to set *mysql_oomprotect* to YES in rc.conf in Jail but it doesn't work.

Thaks


----------



## SirDice (Jul 21, 2021)

sipopo said:


> Does anybody know how to protect daemon in jail from OOM Killer?


Yes, simple. Don't run out of memory.


----------



## _martin (Jul 21, 2021)

The OOM protection is done by procctl(2) in the background used by the protect(1) command. This tracing is not allowed in jails for security reasons. 

If you're running out of memory you have bigger issues. But let's say you have a corner case where you are testing something and you do want to achieve what you've asked. From top of my head I'd say run the protect command on host as follows `# protect -p $<pid of mysql daemon>`.


----------



## 0mp (Jul 11, 2022)

_martin said:


> The OOM protection is done by procctl(2) in the background used by the protect(1) command. This tracing is not allowed in jails for security reasons.


It is documented now in protect(1) (see https://cgit.freebsd.org/src/commit/?id=6452fb1e87ed9d00b52fa1e63e7c3a7516c9586c).

This behavior may change, however. FreeBSD developers are considering adding a way to enable the use of procctl(2) in jails.


----------



## jbo (Jul 12, 2022)

The bugs section of protect(1) states:


> *BUGS*
> If    you protect a runaway process that allocates all memory    the system
> will deadlock.


Is that really a bug? There's not much one can do in such a situation, right? It's basically inevitable?
It certainly doesn't seem to be a bug of protect(1) itself (if the answers to the last two questions above are "yes").


----------



## 0mp (Jul 12, 2022)

jbodenmann said:


> Is that really a bug?


Per mdoc(7):


```
BUGS
           Known bugs, limitations, and work-arounds should be described in
           this section.
```

The "BUGS" section title is a bit confusing nowadays, yes.


----------

