svn commit: r238118 - head/lib/libc/gen
    David Chisnall 
    theraven at FreeBSD.org
       
    Wed Jul  4 20:40:26 UTC 2012
    
    
  
On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way 
> initialization) always exist.
From the perspective of Capsicum sandboxes, a device node is better than a sysctl.  The kernel must hard-code policy about which sysctls are permitted, but access to file descriptors is decided on a per-sandbox basis and is configurable by the user.  The same applies to jails, although it's slightly more effort to make device nodes appear inside a jail.
David
    
    