Date: Wed, 14 Nov 2012 11:39:00 +0100 From: Markus Gebert <markus.gebert@hostpoint.ch> To: Adrian Chadd <adrian@freebsd.org> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: thread taskq / unp_gc() using 100% cpu and stalling unix socket IPC Message-ID: <DDCDD48E-DC96-4EAE-B84C-797D2A58CDE6@hostpoint.ch> In-Reply-To: <CAJ-Vmo=36Ob0NSeFVV4goLsaca7Aqc9B0zdPvYWEcNmBPsk40Q@mail.gmail.com> References: <6908B498-6978-4995-B081-8D504ECB5C0A@hostpoint.ch> <007F7A73-75F6-48A6-9C01-E7C179CDA48A@hostpoint.ch> <CAJ-Vmo=36Ob0NSeFVV4goLsaca7Aqc9B0zdPvYWEcNmBPsk40Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14.11.2012, at 02:12, Adrian Chadd <adrian@freebsd.org> wrote: > Oh lordie, just hack the kernel to make IP_BINDANY usable by any uid, > not just root. > > I was hoping that capabilitiies would actually be useful these days, > but apparently not. :( > > Then you can stop this FD exchange nonsense and this problem should go away. :) Thanks for the suggestion, I'll probably do that regardless of a fix to the unp_gc problem, because it's indeed unnecessary overhead in our scenario. Still that's a workaround you most probably don't want if you have untrusted users on the system or you end up hacking in something comparable to security.mac.seeotheruids.specificgid. Markus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DDCDD48E-DC96-4EAE-B84C-797D2A58CDE6>