1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <laanwj@gmail.com>) id 1WGjpo-0003f4-RM
for bitcoin-development@lists.sourceforge.net;
Fri, 21 Feb 2014 06:43:44 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.214.50 as permitted sender)
client-ip=209.85.214.50; envelope-from=laanwj@gmail.com;
helo=mail-bk0-f50.google.com;
Received: from mail-bk0-f50.google.com ([209.85.214.50])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WGjpm-0007jU-UC
for bitcoin-development@lists.sourceforge.net;
Fri, 21 Feb 2014 06:43:44 +0000
Received: by mail-bk0-f50.google.com with SMTP id d7so921081bkh.9
for <bitcoin-development@lists.sourceforge.net>;
Thu, 20 Feb 2014 22:43:36 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.205.40.2 with SMTP id to2mr1483432bkb.136.1392965016628;
Thu, 20 Feb 2014 22:43:36 -0800 (PST)
Received: by 10.205.75.72 with HTTP; Thu, 20 Feb 2014 22:43:36 -0800 (PST)
In-Reply-To: <CA+s+GJCRqqmoHkmsq+6x9Wm6btKzdXoPjw5Af8zRDEkDE+6+zw@mail.gmail.com>
References: <CAJHLa0OD7w0Rs5ygAE4C14EWm1=x57YHG2kOee1pzxvj3FQ38g@mail.gmail.com>
<CANEZrP2siw9hGPVsPjQ6WyohacOrs8rqs5p9ZsFY5kF0URnPWg@mail.gmail.com>
<CA+s+GJCRqqmoHkmsq+6x9Wm6btKzdXoPjw5Af8zRDEkDE+6+zw@mail.gmail.com>
Date: Fri, 21 Feb 2014 07:43:36 +0100
Message-ID: <CA+s+GJAgs7otQB_tQNCntZ5gR+gp3+PfA+iiKPsjLu2oenaSUA@mail.gmail.com>
From: Wladimir <laanwj@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=bcaec5299545005e3104f2e4f1bf
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(laanwj[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WGjpm-0007jU-UC
Subject: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting
blockchain engine and wallet
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 06:43:45 -0000
--bcaec5299545005e3104f2e4f1bf
Content-Type: text/plain; charset=UTF-8
On Fri, Feb 21, 2014 at 7:27 AM, Mike Hearn <mike@plan99.net> wrote:
> Bear in mind a separate process doesn't buy you anything without a
> sandbox, and those are expensive (in terms of complexity).
>
Sandboxing in user space is complex, agreed,
The most straightforward way would be to run the blockchain daemon as a
system service (with its own uid/gid and set of Apparmor/SELinux
restrictions) and the wallet daemon as the user.
This would also allow sharing one blockchain daemon between multiple users
and wallet processes (not necessarily on the same machine), something I've
wanted to be able to do for a long time.
Wladimir
--bcaec5299545005e3104f2e4f1bf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr"><div class=3D"=
gmail_extra"><div class=3D"gmail_quote"><div class=3D"">On Fri, Feb 21, 201=
4 at 7:27 AM, Mike Hearn <span dir=3D"ltr"><<a href=3D"mailto:mike@plan9=
9.net" target=3D"_blank">mike@plan99.net</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<p dir=3D"ltr">Bear in mind a separate process doesn't buy you anything=
without a sandbox, and those are expensive (in terms of complexity).</p></=
blockquote></div><div>Sandboxing in user space is complex, agreed,</div>
<div><br>
</div><div>The most straightforward way would be to run the blockchain daem=
on as a system service (with its own uid/gid and set of Apparmor/SELinux re=
strictions) and the wallet daemon as the user.</div><div><br></div><div>
This would also allow sharing one blockchain daemon between multiple users =
and wallet processes (not necessarily on the same machine), something I'=
;ve wanted to be able to do for a long time.</div><span class=3D"HOEnZb"><f=
ont color=3D"#888888"><div>
<br></div><div>Wladimir<br>
</div><div><br></div></font></span></div></div></div>
</div><br></div>
--bcaec5299545005e3104f2e4f1bf--
|