MongoDB mlocks some memory for authentication and the encrypted storage engine. The amount it can lock is dependent on a ulimit. However, this only applies to 'unprivileged' processes. A process with the CAP_IPC_LOCK capability flag set on its binary can mlock an unlimited amount of memory, regardless of the environment it was executed in. This seems to be what we want MongoDB to be able to do: use as much mlocked memory as is required.

To make this work, we should add CAP_IPC_LOCK to mongo, mongod, and mongos in our RPM and deb installers. RPM seems to have a macro called %caps for setting capabilities. deb probably has something similar.