A few days ago I posted about Capsicum vs Pledge in dhcpcd. Well, I finished the Capsicum integration yesterday so I thought I would take some time to revisit my findings.
Capsicum is hard to develop for
It’s either on or off. You can limit each FD with capabilities mode off, but I’m not sure what that gains as it’s mainly there to allow the FD to be used in the restricted world so we can treat it as either on or off really.
So one of the big goals of dhcpcd was to implement Privilege Separation. This was achieved in dhcpcd-9, which was important because it was a required step toward merging dhcpcd into the FreeBSD base system. Once done, we can then look at what is required to enable Capsicum support, which is the last required step before dhcpcd can even be considered for importing into the FreeBSD base system.
The good news is that basic Capsicum support has been enabled in this commit by ensuring all the file descriptors of the network facing processes are limited in their capability.
My home server for a few years has been a Gigabyte BRIX 1900. Aside from powering this site, my email, project mailing lists and source code repositories, I use it to host some VMs as XEN DOMU HVM guests so I can ensure my code works on many operating systems. However, the VM hosting brought my server to its knees.
I’ve recently purchased an AMD 2600x which I’ve fitted out with 32GB RAM.
open_memstream is one of the more important functions added to POSIX libc of late. It’s so important because it makes the generation of strings really easy: you no longer need to care about allocating the right amount of memory as the library will do it for you. Now, there are many functions that already help with this, such as asprintf, but that’s not standard and if you want to create many strings in one area you still need to care about the size of the area.
Pretty much every piece of software I’ve seen uses a list of objects. When you need to grow and shrink this list easily you then need something like a Linked List. dhcpcd has used the very popular and widely available BSD based queue(3), specifically a tailq. The main advantages of this type of list are:
- Very low extra memory needed for its implementation
- Fast at insertion and removal operations: both are O(1)
However, it’s just a list.