On Sun, 05 Jun 2011 12:55:45 +0000 Mathias Ruediger <[email protected]> wrote:
> Since I upgraded my machine to a Phenom x6, I have some issues
> regarding sydbox. It runs at 100% and can (afaik) only utilize one
> core. Therefore it is quite a performance gap, meaning that the other
> five cores never are fully utilized.

That's not really very true. It's better to say that sydbox slightly increases the amount of time spent invoking the non-parallelisable part of a syscall. The question is whether this makes a large enough difference that it's worth taking the risk of not doing sandboxing, and the answer to that is almost certainly no.

> As I understand, the reason is the kernel's pthread implementation
> which has some shortcomings. As I doubt this problem will be solved
> anytime soon, it might be a good idea to look for alternative
> approaches.

The approaches are LD_PRELOAD-based (which is what Sandbox did, at least classically), or ptrace-based. The LD_PRELOAD approach is horrible and doesn't really work.

> Is there a list of features a sandbox has to have to be of any use?

The big one is that it has to work reliably and consistently and without weird side effects.

-- 
Ciaran McCreesh
_______________________________________________
Exherbo-dev mailing list
[email protected]
http://lists.exherbo.org/mailman/listinfo/exherbo-dev
