On 09/19/2007 04:30 PM, Roland McGrath wrote:
> The reasons against it in the past were that it slowed down
> the common case (people who aren't using the feature)
It doesn't look like it should.
With the latest patches in 2.6.23 it looks like the overhead
is just about zero, so I enabled it on the principle that we
basically enable everything we possibly can...
And I wish more people would look at using it for untrusted
code, e.g. a JPEG decoder could run in the "jail" and it
couldn't cause any harm even if someone managed to exploit