From: Adrian Chadd
To: Markus Gebert, rwatson@freebsd.org
Cc: freebsd-stable
Date: Wed, 14 Nov 2012 13:58:25 -0800
Subject: Re: thread taskq / unp_gc() using 100% cpu and stalling unix socket IPC
List-Id: Production branch of FreeBSD source code

On 14 November 2012 02:39, Markus Gebert wrote:
>
> On 14.11.2012, at 02:12, Adrian Chadd wrote:
>
> Oh lordie, just hack the kernel to make IP_BINDANY usable by any uid,
> not just root.
>
> I was hoping that capabilities would actually be useful these days,
> but apparently not. :(
>
> Then you can stop this FD exchange nonsense and this problem should go away.
> :)
>
>
> Thanks for the suggestion, I'll probably do that regardless of a fix to the
> unp_gc problem, because it's indeed unnecessary overhead in our scenario.
> Still that's a workaround you most probably don't want if you have untrusted
> users on the system or you end up hacking in something comparable to
> security.mac.seeotheruids.specificgid.

Yeah. I was hoping that capabilities would be settable from userland
these days. I remember talking with Robert (CC'ed) about this when
Julian/I threw this into FreeBSD. He wanted me to put it behind a
capability (which I did) but there was no way for userland to grant a
process this capability.

Robert - is there any way these days to grant capabilities to userland
processes?

Adrian