Provided by: memlockd_1.3.1-1_amd64 bug

NAME
       memlockd - daemon to lock files in memory with mlock


SYNOPSIS
       memlockd [ -c config-file ] [ -d ] [ -f ] [ -u user ]


DESCRIPTION
       This manual page documents briefly the memlockd command.

       It is used to lock system programs and config files in memory so that if a DOS attack is experienced then
       the chance of the sys-admin regaining control of the system in a reasonable amount of time (and therefore
       having a reasonable chance of discovering the cause of the problem) is significantly increased.


OPTIONS
       The  -c  option is used to specify the fully-qualified path name to a config file that lists the names of
       files to lock, if the config file is not specified then it will  default  to  /etc/memlockd.cfg.  In  any
       situation  where a config file is used a directory can be used instead, for a directory every file ending
       in ".cfg" will be processed.

       The -d option specifies debugging mode, the program will not fork and will produce it's logging  messages
       on stderr instead of via syslog.

       The  -f  option  specifies  foreground  (non-daemon)  mode,  the program will not fork but will still log
       normally.

       The -u option specifies the name of a user to use for running ldd (for recursive operation).   Note  that
       locking  shared  objects that are writable by non-root is not safe, but using a different UID will reduce
       the risk.

       The config file will contain a number of fully qualified names of files to lock  in  RAM.   When  locking
       shared  objects  and  ELF  binaries it is possible to prefix the file name with a + character to indicate
       that memlockd should recursively lock all shared objects that the program requires and all shared objects
       that  those objects require. When a file not found error doesn't matter (EG you want a single config file
       to have the file names for multiple architectures or systems) you can prefix  the  file  name  with  a  ?
       character, in that case errors such as EPERM will still be logged.

       If  a  line in the config file starts with a % character it will be taken as the name of a config file or
       directory to process.  Currently only one level of recursion is accepted.

       SEE ALSO
              mlock(2), mmap(1).


AUTHOR
       memlockd was written by Russell Coker <russell@coker.com.au>

                                                                                                     memlockd(8)