thread taskq / unp_gc() using 100% cpu and stalling unix socket IPC

Adrian Chadd adrian at freebsd.org
Wed Nov 14 21:58:26 UTC 2012


On 14 November 2012 02:39, Markus Gebert <markus.gebert at hostpoint.ch> wrote:
>
> On 14.11.2012, at 02:12, Adrian Chadd <adrian at freebsd.org> wrote:
>
> > Oh lordie, just hack the kernel to make IP_BINDANY usable by any uid,
> > not just root.
> >
> > I was hoping that capabilities would actually be useful these days,
> > but apparently not. :(
> >
> > Then you can stop this FD exchange nonsense and this problem should go away.
> > :)
>
>
> Thanks for the suggestion, I'll probably do that regardless of a fix to the
> unp_gc problem, because it's indeed unnecessary overhead in our scenario.
> Still that's a workaround you most probably don't want if you have untrusted
> users on the system or you end up hacking in something comparable to
> security.mac.seeotheruids.specificgid.

Yeah. I was hoping that capabilities would be settable from userland
these days. I remember talking with Robert (CC'ed) about this when
Julian/I threw this into FreeBSD. He wanted me to put it behind a
capability (which I did) but there was no way for userland to grant a
process this capability.

Robert - is there any way these days to grant capabilities to userland
processes?


Adrian


More information about the freebsd-stable mailing list