Hacker News new | past | comments | ask | show | jobs | submit login

Clarification in the documentation about what happens with swap files would be nice, especially as aliases are added.

“Conceal” (but not the manpage) suggests it won’t ever be written to swap, but “nocore” as a performance optimization suggests paging to swap is fine.

If dirty concealed pages can’t be swapped, then it starts to look like mlock(), which requires escalated privileges on linux, at least...

(Though, paging dirty mmapped pages to swap is kind of confusing in the first place.)




So the name conceal was chosen to allow some flexibility, like prohibiting ptrace. The idea is to keep secrets from escaping into other programs. Other programs generally can't read swap, so that's not a concern.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: