Expanding the list of "Hardened Packages"

Kevin Fenzi kevin at scrye.com
Tue Apr 2 23:59:24 UTC 2013


On Tue, 02 Apr 2013 16:50:33 -0700
John Reiser <jreiser at bitwagon.com> wrote:

> > It does rather seem like we should consider just killing it
> > [prelink], at least by default.
> 
> Prelinking shortens the time between execve() and first useful output.
> A prelinked module reduces time spent in ld-linux, and increases
> sharing of pages (which reduces time spent in kernel duplicating
> copy-on-write pages.) The savings are *visible* when invoking an
> interactive GUI program that has dozens of shared libraries, or when
> several hundred smaller executables are invoked each second, such as
> some 'make' clouds, etc.

I'm not so sure they are... perhaps it's time for another round of 'how
fast does libreoffice start when prelinked vs not' ?

> Some systems want those savings, and are willing to pay with slightly
> less protection via reduced ASLR.  Some administrators compensate
> by running a full prelink daily, and a partial prelink of "hot"
> modules (glibc, ...) a few times during the day, even as often as
> hourly; and with parameters to reduce interference with modules which
> are not being [re-]prelinked during the current run.

Indeed. Also, some administrators remove prelink and do not use it on
any of their systems. (Like say, Fedora Infrastructure, or all my home
machines).

kevin
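
The "reduced ASLR" cost discussed in this thread can be observed by comparing a library's load address across several executions; an unchanged base from run to run is what that reduction looks like. The following Python check is an added example, not part of the original message or of prelink; the sample maps lines are constructed and the function names are this example's own.

```python
import re
import subprocess

# Constructed /proc/<pid>/maps excerpts, one per run (not captured from a real host).
RANDOMIZED = [
    "7f3a1c200000-7f3a1c3b5000 r-xp 00000000 fd:01 1311 /usr/lib64/libc.so.6\n",
    "7f91e4600000-7f91e47b5000 r-xp 00000000 fd:01 1311 /usr/lib64/libc.so.6\n",
]
FIXED = [
    "3a8c200000-3a8c3b5000 r-xp 00000000 fd:01 1311 /usr/lib64/libc.so.6\n",
    "3a8c200000-3a8c3b5000 r-xp 00000000 fd:01 1311 /usr/lib64/libc.so.6\n",
]

# Fields: address range, perms, offset, dev, inode, pathname
MAPS_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ \S+ [0-9a-f]+ \S+ \d+\s+(\S.*)$")


def library_base(maps_text, name="libc"):
    """Lowest mapped address of library `name` (libc.so.6, libc-2.17.so, ...), or None."""
    wanted = re.compile(re.escape(name) + r"[-.]")  # do not match libcap, libcrypt, ...
    bases = [
        int(m.group(1), 16)
        for m in map(MAPS_LINE.match, maps_text.splitlines())
        if m and wanted.match(m.group(2).rsplit("/", 1)[-1])
    ]
    return min(bases) if bases else None


def verdict(samples, name="libc"):
    """Classify the library's base address given one maps sample per execution."""
    bases = [b for b in (library_base(s, name) for s in samples) if b is not None]
    if len(bases) < 2:
        return "insufficient-data"
    return "fixed" if len(set(bases)) == 1 else "randomized"


def sample_live(runs=5):
    """Collect the maps of `runs` fresh `cat` processes (Linux only)."""
    return [
        subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                       text=True, check=True).stdout
        for _ in range(runs)
    ]


if __name__ == "__main__":
    print("constructed randomized:", verdict(RANDOMIZED))
    print("constructed fixed:     ", verdict(FIXED))
    print("this host, libc in cat:", verdict(sample_live()))
```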