Anybody know how to debug things like this?

Eric S. Raymond esr at
Fri Jul 15 11:10:35 UTC 2016

Hal Murray <hmurray at>:
> > I want to ask a different question: why the early thread launch? Can we move
> > that?   
> It's getting called from config_peers in ntp_config.  I don't know of any 
> reason why we couldn't move it.

On further examination, it looks like moving the configuration read to later
is pretty much equivalent to moving the sandox() call earlier.  The present
seqieence looks like this:

A: get configuration (that's the early thread launch)

B: Call memlock (no config dependency)

C: loop_config(LOOP_DRIFTINIT, 0); - has config dependency


E. initializing = false

F. trivial sanity check of networking options

G. Call sandbox()

Our problem is that the thread launch in A wants to be after G.

Moving F and B is no problem, but the others worry me - especially the
setting of initialize, which does things I don't understand to the
protocol machine.  My spider sense is tingling.

Maybe sandox() needs to be split up and the seccomp() initialization alone
moved earlier, than getconfig.  The only safe alternative would be to force
the initial DNS lookups to be synchronous.
		<a href="">Eric S. Raymond</a>

More information about the devel mailing list