grsecurity forums

[false]

Hi!

I'm assembling new machine for apache/postgresql. I'm courious if grsecurity limits memory in any way (I think yes).

I need minimum 2GB (whole database must fit into RAM) but 4GB would be OK too.

It would be dual xeon with 2GB - 4GB RAM.

It is better for grsecurity to choose "4GB" or "64GB" (for CONFIGHIMEM kernel option (second option uses PAE))???

Can I have 4GB or only 2?



thanks in advance!

[PaX Team]

I'm assembling new machine for apache/postgresql. I'm courious if grsecurity limits memory in any way (I think yes).

the only limitation i know of has to do with PaX/SEGMEXEC which limits the *virtual* address space of tasks to 1.5 GB, other than this there are no limits on *physical* memory.

you say that you plan to use a database of some 2 GB which obviously won't fit into the 1.5 GB address space (mind you, not even in the normal 3 GB unless you link your database app statically), so if you still want non-executable pages, you would have to use PAGEEXEC which will bring its own problems, in particular the performance impact would probably be too high (because the working set size of the database app would be way bigger than the 256k that the DTLB can map at once).

when you get your system up i'd like to see a /proc/<database app pid>/maps file output, this would help me determine whether extending SEGMEXEC to support a different data/code split is practical or not.