ciaran.mccreesh at googlemail.com
Sun Jun 5 19:38:50 BST 2011
On Sun, 05 Jun 2011 12:55:45 +0000
Mathias Ruediger <ruediger at blueboot.org> wrote:
> Since I upgraded my machine to a Phenom x6, I have some issues
> regarding sydbox. It runs at 100% and can (afaik) only utilize one
> core. Therefore it is quite a performance gap, meaning that the other
> five cores never are fully utilized.
That's not really very true. It's better to say that sydbox slightly
increases the amount of time spent invoking the non-parallelisable part
of a syscall. The question is whether this makes a large enough
difference that it's worth taking the risk of not doing sandboxing, and
the answer to that is almost certainly no.
> As I understand, the reason is the kernel's pthread implementation
> which has some shortcomings. As I doubt this problem will be solved
> anytime soon, it might be a good idea to look for alternative
The approaches are LD_PRELOAD-based (which is what Sandbox did, at
least classically), or ptrace-based. The LD_PRELOAD approach is horrible
and doesn't really work.
> Is there a list of features a sandbox has to have to be of any use?
The big one is that it has to work reliably and consistently and
without weird side effects.