Re: [PATCH RFC] Disable save-entropy in jails
--Apple-Mail=_2E445BD2-D202-4E8E-9E15-DAF30A9708B3
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On 26 Dec 2013, at 00:50, RW <rwmaillists@googlemail.com> wrote:
> On Wed, 25 Dec 2013 22:24:27 +0100
> Pawel Jakub Dawidek wrote:
>=20
>=20
>> We could do the same for save-entropy. It would be even nicer to have
>> some flag so that even sysctl(8) is not executed.
>=20
> The only security consideration here is that a bug in that conditional
> test might prevent entropy being saved. The benefit is saving a few =
KBs
> of disk space and a few cpu cycles a few times an hour. Tiny risk, =
even
> tinier benefit IMO.
Yes. It would be more work but nicer if these scripts could be somehow =
marked
=93not for jail use=94 and then dealt with by the boot process.
Hmm.
It looks like rcorder(8) may already know about a =91nojail=92 =
attribute. I
think using that would be best.
M=20
--=20
Mark R V Murray
--Apple-Mail=_2E445BD2-D202-4E8E-9E15-DAF30A9708B3
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQCVAwUBUrxJVN58vKOKE6LNAQoiOAQArqG/mxL3u3/uCgNYcLSz/hHnA13rzXWZ
mDa05WaUowIloGLAmkZyc3YcEuJ6XNUZQhY2cCIDmdOKv8V7pJaRYkwNe7IuJbdV
30YREyo1aVVX+cGJNrnCgnWpVBatlgCInjbTjB7bjKdQGcOtvk9gbpa000cCnxa5
WhRqTevQ70s=
=kM3a
-----END PGP SIGNATURE-----
--Apple-Mail=_2E445BD2-D202-4E8E-9E15-DAF30A9708B3--
討論串 (同標題文章)
完整討論串 (本文為第 11 之 11 篇):