> On Thu, Oct 14, 2010 at 2:08 AM, Ted Unangst <[email protected]> wrote: > > So it's not a good idea to perform long lasting operations in the kernel. > > The scheduler doesn't deal well with it and nobody else gets to run. > > > > One of those long loops is loading a large table into pf. If you're > > lucky, you'll run out of memory and pool will finally sleep. > > > > hmm, but root can do other evil things.. or you're getting prepared for > the future, when we'll have permissions for the tables? :-)
admins can do crazy rulesets with authpf; which are then exposed to a user login.
