On Mon, May 04, 2026 at 04:07:45PM +0000, Ⓐlï P☮latel wrote: > Syd sandbox uses AF_ALG zero-copy for its Force Sandboxing[1] and Crypt > Sandboxing[1]. > Zero-copy means Syd does not have to copy sandbox process data into its own > address > space providing safety and security. Switching to read/write rather than > pipes and > splice breaks a fundamental safety guarantee for the sandbox. Please do not > break > userspace. > > Will sendfile(2) continue to work? > > [1]: https://man.exherbo.org/syd.7.html#Force_Sandboxing > [2]: https://man.exherbo.org/syd.7.html#Crypt_Sandboxing
It's very unclear what that feature (which I don't think anyone knew even existed) is trying to accomplish. Regardless, this patch doesn't break the splice or sendfile syscalls. It just makes them run a bit more slowly since the kernel will copy the data internally. So I think your concern isn't justified. > How can i test? Please help me. If this is a feature you care about, perhaps you know how to test it? - Eric
