mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 14:11:10 +01:00
Code Issues Projects Releases Wiki Activity

Unconditionally warn on systems w/o mlock support

Browse Source 
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
This commit is contained in:
Sean Chittenden 2016-04-05 12:32:53 -07:00
parent 4b13bfde1d
commit a199547ffc
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
command/server.go
View File

@ -124,13 +124,12 @@ func (c *ServerCommand) Run(args []string) int {
return 1 return 1
} }
// If mlock isn't supported, show a warning. We disable this in // If mlockall(2) isn't supported, show a warning (even in dev mode).
// dev because it is quite scary to see when first using Vault. if !mlock.Supported() {
if !dev && !mlock.Supported() {
c.Ui.Output("==> WARNING: mlock not supported on this system!\n") c.Ui.Output("==> WARNING: mlock not supported on this system!\n")
c.Ui.Output(" The `mlock` syscall to prevent memory from being swapped to") c.Ui.Output(" An `mlockall(2)`-like syscall to prevent memory from being")
c.Ui.Output(" disk is not supported on this system. Enabling mlock or") c.Ui.Output(" swapped to disk is not supported on this system. Running")
c.Ui.Output(" running Vault on a system with mlock is much more secure.\n") c.Ui.Output(" Vault on an mlockall(2) enabled system is much more secure.\n")
} }
// Create a logger. We wrap it in a gated writer so that it doesn't // Create a logger. We wrap it in a gated writer so that it doesn't