Date: Wed, 4 Jul 2012 23:50:39 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Attilio Rao <attilio@freebsd.org> Cc: src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, svn-src-all@freebsd.org, David Chisnall <theraven@freebsd.org>, svn-src-head@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org>, markm@freebsd.org Subject: Re: svn commit: r238118 - head/lib/libc/gen Message-ID: <20120704205039.GO2337@deviant.kiev.zoral.com.ua> In-Reply-To: <CAJ-FndAGgkgi5W3LqgMkeK9AquQ=1RhhYcj4jnLmuRg2EwVuqA@mail.gmail.com> References: <201207041951.q64JpPXu029310@svn.freebsd.org> <20120704200220.GM2337@deviant.kiev.zoral.com.ua> <20120704203239.GA42326@vniz.net> <8344944B-1CEE-4CAD-96FB-EC5A743F6909@FreeBSD.org> <CAJ-FndAGgkgi5W3LqgMkeK9AquQ=1RhhYcj4jnLmuRg2EwVuqA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--8F/57/tdqD1iFupr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 04, 2012 at 09:45:54PM +0100, Attilio Rao wrote: > 2012/7/4 David Chisnall <theraven@freebsd.org>: > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote: > > > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old= way > >> initialization) always exists. > > > > From the perspective of Capsicum sandboxes, a device node is better tha= n a sysctl. The kernel must hard-code policy about which sysctls are permi= tted, but access to file descriptors is decided on a per-sandbox basis and = is configurable by the user. The same applies to jails, although it's slig= htly more effort to make device nodes appear inside a jail. >=20 > Also don't understimate the locking factor here. > I recall that at some point /dev/random was introducing some > scalability penalty on php (maybe related to the suhosin patch) until > kib made shared lookups available on devfs. IIRC, sysctls are still > Giant locked. /dev/random has further optimizations which eliminate the dev_mtx aquisitions as well. KERN_ARND is mpsafe. --8F/57/tdqD1iFupr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAk/0rJ8ACgkQC3+MBN1Mb4gZOwCZAeP3uUjdRcIxqyJMvUuTCFeY tlAAoI95/UY73VhFCesTtMcC7pnvAclL =/7S7 -----END PGP SIGNATURE----- --8F/57/tdqD1iFupr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120704205039.GO2337>