intercept_verify is fast, but the policy check is (relatively) slow.
This commit is contained in:
@@ -2023,6 +2023,11 @@ and logged just like they would be if run through
|
|||||||
directly.
|
directly.
|
||||||
This is useful in conjunction with commands that allow shell escapes
|
This is useful in conjunction with commands that allow shell escapes
|
||||||
such as editors, shells, and paginators.
|
such as editors, shells, and paginators.
|
||||||
|
There is additional overhead due to the policy check that may add
|
||||||
|
latency when running commands such as shell scripts that execute a
|
||||||
|
large number of sub-commands.
|
||||||
|
For interactive commands, such as a shell or editor,
|
||||||
|
the overhead is not usually noticable.
|
||||||
.sp
|
.sp
|
||||||
In the following example, user
|
In the following example, user
|
||||||
\fBchuck\fR
|
\fBchuck\fR
|
||||||
@@ -3428,10 +3433,6 @@ policy check.
|
|||||||
The checks can only be performed if the
|
The checks can only be performed if the
|
||||||
proc(@mansectform@)
|
proc(@mansectform@)
|
||||||
file system is available.
|
file system is available.
|
||||||
The additional overhead from
|
|
||||||
\fIintercept_verify\fR
|
|
||||||
may add additional latency when running shell scripts that
|
|
||||||
execute a large number of commands.
|
|
||||||
This flag has no effect unless the
|
This flag has no effect unless the
|
||||||
\fIintercept\fR
|
\fIintercept\fR
|
||||||
flag is enabled or the
|
flag is enabled or the
|
||||||
|
@@ -1926,6 +1926,11 @@ and logged just like they would be if run through
|
|||||||
directly.
|
directly.
|
||||||
This is useful in conjunction with commands that allow shell escapes
|
This is useful in conjunction with commands that allow shell escapes
|
||||||
such as editors, shells, and paginators.
|
such as editors, shells, and paginators.
|
||||||
|
There is additional overhead due to the policy check that may add
|
||||||
|
latency when running commands such as shell scripts that execute a
|
||||||
|
large number of sub-commands.
|
||||||
|
For interactive commands, such as a shell or editor,
|
||||||
|
the overhead is not usually noticeable.
|
||||||
.Pp
|
.Pp
|
||||||
In the following example, user
|
In the following example, user
|
||||||
.Sy chuck
|
.Sy chuck
|
||||||
@@ -3249,10 +3254,6 @@ policy check.
|
|||||||
The checks can only be performed if the
|
The checks can only be performed if the
|
||||||
.Xr proc @mansectform@
|
.Xr proc @mansectform@
|
||||||
file system is available.
|
file system is available.
|
||||||
The additional overhead from
|
|
||||||
.Em intercept_verify
|
|
||||||
may add additional latency when running shell scripts that
|
|
||||||
execute a large number of commands.
|
|
||||||
This flag has no effect unless the
|
This flag has no effect unless the
|
||||||
.Em intercept
|
.Em intercept
|
||||||
flag is enabled or the
|
flag is enabled or the
|
||||||
|
Reference in New Issue
Block a user