Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WGjpo-0003f4-RM for bitcoin-development@lists.sourceforge.net; Fri, 21 Feb 2014 06:43:44 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.50 as permitted sender) client-ip=209.85.214.50; envelope-from=laanwj@gmail.com; helo=mail-bk0-f50.google.com; Received: from mail-bk0-f50.google.com ([209.85.214.50]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WGjpm-0007jU-UC for bitcoin-development@lists.sourceforge.net; Fri, 21 Feb 2014 06:43:44 +0000 Received: by mail-bk0-f50.google.com with SMTP id d7so921081bkh.9 for ; Thu, 20 Feb 2014 22:43:36 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.205.40.2 with SMTP id to2mr1483432bkb.136.1392965016628; Thu, 20 Feb 2014 22:43:36 -0800 (PST) Received: by 10.205.75.72 with HTTP; Thu, 20 Feb 2014 22:43:36 -0800 (PST) In-Reply-To: References: Date: Fri, 21 Feb 2014 07:43:36 +0100 Message-ID: From: Wladimir To: Bitcoin Dev Content-Type: multipart/alternative; boundary=bcaec5299545005e3104f2e4f1bf X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (laanwj[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WGjpm-0007jU-UC Subject: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Feb 2014 06:43:45 -0000 --bcaec5299545005e3104f2e4f1bf Content-Type: text/plain; charset=UTF-8 On Fri, Feb 21, 2014 at 7:27 AM, Mike Hearn wrote: > Bear in mind a separate process doesn't buy you anything without a > sandbox, and those are expensive (in terms of complexity). > Sandboxing in user space is complex, agreed, The most straightforward way would be to run the blockchain daemon as a system service (with its own uid/gid and set of Apparmor/SELinux restrictions) and the wallet daemon as the user. This would also allow sharing one blockchain daemon between multiple users and wallet processes (not necessarily on the same machine), something I've wanted to be able to do for a long time. Wladimir --bcaec5299545005e3104f2e4f1bf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Fri, Feb 21, 201= 4 at 7:27 AM, Mike Hearn <mike@plan99.net> wrote:

Bear in mind a separate process doesn't buy you anything= without a sandbox, and those are expensive (in terms of complexity).

Sandboxing in user space is complex, agreed,

The most straightforward way would be to run the blockchain daem= on as a system service (with its own uid/gid and set of Apparmor/SELinux re= strictions) and the wallet daemon as the user.

This would also allow sharing one blockchain daemon between multiple users = and wallet processes (not necessarily on the same machine), something I'= ;ve wanted to be able to do for a long time.

Wladimir


--bcaec5299545005e3104f2e4f1bf--