From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Blake Miller Newsgroups: gmane.emacs.devel Subject: Re: New tool to reduce emacs start-up time on Linux Date: Mon, 13 Jul 2020 21:17:33 +0000 Message-ID: References: <24332.51925.447735.990302@retriever.mtv.corp.google.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="000000000000c4109e05aa59382f" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="6682"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Stefan Monnier , emacs-devel@gnu.org To: "T.V Raman" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Jul 13 23:18:51 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jv5qb-0001bE-Qy for ged-emacs-devel@m.gmane-mx.org; Mon, 13 Jul 2020 23:18:49 +0200 Original-Received: from localhost ([::1]:41208 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jv5qa-0004LR-Qv for ged-emacs-devel@m.gmane-mx.org; Mon, 13 Jul 2020 17:18:48 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:33598) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jv5pb-0003tc-Rb for emacs-devel@gnu.org; Mon, 13 Jul 2020 17:17:47 -0400 Original-Received: from mail-oi1-x242.google.com ([2607:f8b0:4864:20::242]:33342) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jv5pa-0001y6-3p for emacs-devel@gnu.org; Mon, 13 Jul 2020 17:17:47 -0400 Original-Received: by mail-oi1-x242.google.com with SMTP id k22so12256244oib.0 for ; Mon, 13 Jul 2020 14:17:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bz+Ic16bELb/L7Ju8MSkr0DNHyPpz8DqfGFIYgO5Q90=; b=uNuvE9hstenX2RNzqF09HJdaTyWjab95wF6IublpaXP7sxoZbIKsBqOeuVqSUmiQuW trYx5AOqAxiKOEu8zwif8oaD7pz2HzEJnpq88oqZPojNHSJpLpmWPxrVsktEdiPlK+Na XrJELogl8MxDqanW5uugg0T+nBm/QuoKDyK0gdGjxV215hvvdyjk3HrC3nfjPrMMRCdw Hfj1fY0AksODSmtNUeMJuXkU+aKzVHG6rvo7dffaqafUkfubsxwG0b3fUnxAx4f7Bb4w iclZyLNbFSuHSTYr+8jC8su24c1C+oh7GF40pF1wXNdWJtIHUkmzAvJLyDh5SvOhzm17 bfbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bz+Ic16bELb/L7Ju8MSkr0DNHyPpz8DqfGFIYgO5Q90=; b=ZfB2Jp0rbOJcy40rkxkudzSlMVsz2NZ5Nqa16cqVPwbXEfpYVZ/c7H3RKKR5M8vlhl yEPv/RqiIdS15mWLJMMYeBW4spie9YF1zTNcMxtYJCmVBeds01ukVLPa5SOeLy6cF6zQ 9Hhq+XEl2TrpcXjOREwoY8LoU3q/7iszAIdFli7LELBU1Nak2dWxZ/oYzlxXEqCdxyEI JN3VEgEAonqNdGT/9CYIpNAvmb6UDgi3yZztDY/FxiUV/cZvEDY3XnQTcu9NAnQod7pK Y0mNd2c34jEfgnFSldu5SExcogNx25ZEdXAfrm7DrgxSsTAzcGvcVDaYb5SgKhOxxKbP Y+Iw== X-Gm-Message-State: AOAM531feGxrSNSdeCobTjS71lGhOImNGGSM9/nSAaT+9i4xG3T6g19n 2vY3zaODlwqb7A1By1Kwapy8KxO707aQpk6t2Yw= X-Google-Smtp-Source: ABdhPJy+CGa3C/jzECA0wgmZqz3JK9S/lTKkrqA3VOQ3hfe8uFoLegkJ50sa2oieIyR8OY5y+DvCxO5tfDZlK6bq9Qk= X-Received: by 2002:a54:460b:: with SMTP id p11mr1179973oip.77.1594675064736; Mon, 13 Jul 2020 14:17:44 -0700 (PDT) In-Reply-To: <24332.51925.447735.990302@retriever.mtv.corp.google.com> Received-SPF: pass client-ip=2607:f8b0:4864:20::242; envelope-from=blak3mill3r@gmail.com; helo=mail-oi1-x242.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:252929 Archived-At: --000000000000c4109e05aa59382f Content-Type: text/plain; charset="UTF-8" Sure. I should improve this in the readme. What runs as root are these three things only: 1. A little service that is part of my project, written in babashka, called els-cloner 2. The criu binary 3. the criu-ns python script That's all. CRIU currently cannot be run as non-root. The other two things wrap CRIU and so also need to run as root... except I think I could make the els-cloner service run as an els-cloner user and give it permission only to invoke criu & criu-ns as root, and I should do that. On Mon, Jul 13, 2020 at 8:58 PM T.V Raman wrote: > I see, I dont understand all the terminology here, which explains my > confusion. As long as neither the emacs daemon or client run as Root, > then that would take away my concern. Could you also elaborate on what > it is that runs as Root? > Blake Miller writes: > > I'd never run emacs as root either. CRIU has to run as root, but the > > processes it creates when restoring a snapshot are regular non-root > > processes, just like the one that was checkpointed. > > > > On Mon, Jul 13, 2020 at 4:22 PM T.V Raman wrote: > > > > > Stefan Monnier writes: > > > > > > the biggest drawback I saw at a quick-read was the need to run as > root, > > > I'd never run emacs as root.>> As the name suggests, it can provide > you > > > with the fastest emacs startup > > > >> time in the west, by using CRIU checkpoint/restore to "clone" > emacsen. > > > > > > > > Hmmm... an "unexec" that's not Emacs-specific, interesting, > > > > > > > > > > > > Stefan > > > > > > > > > > > > > > -- > > > > > -- > Id: kg:/m/0285kf1 > > -- > Id: kg:/m/0285kf1 > --000000000000c4109e05aa59382f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Sure. I should improve this in the readme.

<= div>What runs as root are these three things only:

1. A little service that is part of my project, written in babashka, calle= d els-cloner
2. The criu binary
3. the criu-ns python s= cript

That's all. CRIU currently cannot be run= as non-root. The other two things wrap CRIU and so also need to run as roo= t... except I think I could make the els-cloner service run as an els-clone= r user and give it permission only to invoke criu & criu-ns as root, an= d I should do that.

On Mon, Jul 13, 2020 at 8:58 PM T.V Raman <raman@google.com> wrote:
I see, I dont understand al= l the terminology here, which explains my
confusion. As long as neither the emacs daemon or client run as Root,
then that would take away my concern. Could you also elaborate on what
it is that runs as Root?
Blake Miller writes:
=C2=A0> I'd never run emacs as root either. CRIU has to run as root,= but the
=C2=A0> processes it creates when restoring a snapshot are regular non-r= oot
=C2=A0> processes, just like the one that was checkpointed.
=C2=A0>
=C2=A0> On Mon, Jul 13, 2020 at 4:22 PM T.V Raman <raman@google.com> wrote:
=C2=A0>
=C2=A0> > Stefan Monnier <monnier@iro.umontreal.ca> writes:
=C2=A0> >
=C2=A0> > the biggest drawback I=C2=A0 saw at a quick-read was the ne= ed to run as root,
=C2=A0> >=C2=A0 I'd never run emacs as root.>> As the name = suggests, it can provide you
=C2=A0> > with the fastest emacs startup
=C2=A0> > >> time in the west, by using CRIU checkpoint/restore= to "clone" emacsen.
=C2=A0> > >
=C2=A0> > > Hmmm... an "unexec" that's not Emacs-spe= cific, interesting,
=C2=A0> > >
=C2=A0> > >
=C2=A0> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Stefan
=C2=A0> > >
=C2=A0> > >
=C2=A0> >
=C2=A0> > --
=C2=A0> >

--
Id: kg:/m/0285kf1

--
Id: kg:/m/0285kf1
--000000000000c4109e05aa59382f--