* Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> On Gwe, 2004-09-24 at 21:22, Chris Wright wrote:
> > Hard to say if it's a policy decision outside the scope of the app.
> > Esp. if the app knows it needs to not be swapped. Either something that
> > has realtime needs, or more specifically, privacy needs. Don't need to
> > mlock all of gpg to ensure key data never hits swap.
>
> Keys are a different case anyway. We can swap them if we have encrypted
> swap (hardware or software) and we could use the crypto lib just to
> crypt some pages in swap although that might be complex. As such a
> MAP_CRYPT seems better than mlock. If we don't have cryptable swap then
> fine it's mlock.

Yeah, sounds nice. This is still very much an app specific policy, not
something that a helper such as mlock(1) would solve.
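
What locking only the key data, rather than all of gpg, can look like with mlock(2). This is an added example, not code from this thread or from gpg; the names secret_buf, secret_alloc, secret_free and round_to_pages are hypothetical, and the key bytes are constructed sample data.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: one page-aligned region holding only key bytes. */
typedef struct { void *ptr; size_t len; } secret_buf;

/* mlock works on whole pages, so round the request up to a page multiple. */
static size_t round_to_pages(size_t n, size_t page) {
    return (n + page - 1) / page * page;
}

/* Returns 0 on success, -1 if the mapping fails, -2 if the kernel refuses
 * the lock (e.g. RLIMIT_MEMLOCK). On -2 no memory is handed out at all. */
int secret_alloc(secret_buf *s, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = round_to_pages(want, page);
    s->ptr = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->ptr == MAP_FAILED) { s->ptr = NULL; return -1; }
    if (mlock(s->ptr, s->len) != 0) {   /* fail closed: no unlocked keys */
        munmap(s->ptr, s->len);
        s->ptr = NULL;
        return -2;
    }
    return 0;
}

/* Wipe while the pages are still locked, then unlock and unmap them. */
void secret_free(secret_buf *s) {
    if (!s->ptr) return;
    volatile unsigned char *p = s->ptr; /* volatile: stores are not elided */
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
    munlock(s->ptr, s->len);
    munmap(s->ptr, s->len);
    s->ptr = NULL;
    s->len = 0;
}

int main(void) {
    secret_buf key;
    if (secret_alloc(&key, 32) != 0) return 1;
    memcpy(key.ptr, "constructed-sample-key-material!", 32); /* constructed */
    secret_free(&key);
    return 0;
}
```

Only the pages inside secret_buf are pinned; copies of the key left on the stack, in registers spilled to memory, or in stdio buffers are not covered by this lock.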