ioi / isolate

Sandbox for securely executing untrusted programs

Huge slow down running the "jar" command within Isolate #81

Closed HamzaZagha closed 4 years ago

HamzaZagha commented 4 years ago

So I'm using isolate to compile/run programs from multiple languages in it, and I've noticed that there's a significant slowdown when I'm using the "jar" command to build an executable from Java classes.

Here's the execution time of both when I run the jar command normally, and when I run the same command using isolate.

[image]

I tried tweaking with Isolate's options to see if any helps (such as share-net) but none seemed to have any effect.

If it matters, I've also attached the result of strace on the execution.

strace.txt

bblackham commented 4 years ago

The strace output shows the jar command itself is running in the same amount of time, so the time is being taken by isolate itself. Can you run strace on isolate itself? (You will need to use sudo strace to do that).

Also, can you also pass --meta meta.txt and paste the content of meta.txt?

Is this after a fresh isolate --init?

HamzaZagha commented 4 years ago

Oh actually, the strace I've uploaded was of a regular jar command, my bad.

Now I attached two strace files, one with strace being run inside Isolate on the jar command, one being run on Isolate itself running the jar command (both are 8secs).

Also, here's the meta file contents:

    time:8.305
    time-wall:8.241
    max-rss:41660
    csw-voluntary:13442
    csw-forced:60
    exitcode:0

And yes, it happens even after a fresh --init.

straceInsideIsolate.txt straceOfIsolate.txt

bblackham commented 4 years ago

Thanks for the straces! Looks like the problem is related to entropy - it appears that the process is spinning waiting for more entropy inside isolate which either never comes or takes a long time. My guess is that the reason the behaviour differs inside isolate and outside isolate is because it can't access this file: /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security

And I'm guessing that's because the file is a symlink into /etc which is not mounted by default.

Please try passing -d /etc so that /etc/ is available inside the sandbox (which will also let you just run /usr/bin/jar instead of the path inside /usr/lib/...).

HamzaZagha commented 4 years ago

I tried it and it works!

It runs much faster now (0.013s sys). I'm guessing always passing -d /etc won't be a problem for me, right?

Thank you!

bblackham commented 4 years ago

By default directories are mounted read-only (and nothing in /etc should be writable anyway). If you have any secrets under /etc (private keys, passwords, etc) you should make sure they are not world-readable. Other than that, it should be fine!
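
The two checks this thread points to, as an added example that is not part of the thread or of isolate itself: finding symlinks whose targets fall outside the directories mounted in the sandbox (the java.security case), and listing secret-looking files that are world-readable before a directory such as /etc is exposed with -d. The function names, the secret-matching patterns and the demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of isolate. Heuristics and directory lists are assumptions.

# symlinks_outside ROOT VISIBLE_DIR...
# Print "link -> target" for each symlink under ROOT whose final target is not
# under any VISIBLE_DIR (such a link dangles in the sandbox). Final target only.
symlinks_outside() {
    root=$1; shift
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink -f -- "$link") || continue
        visible=no
        for dir in "$@"; do
            case "$target" in "$dir"|"$dir"/*) visible=yes ;; esac
        done
        [ "$visible" = yes ] || printf '%s -> %s\n' "$link" "$target"
    done
}

# world_readable_secrets DIR
# Print files under DIR that grant read to "other" and look like secrets:
# name ends in .key, name starts with shadow/gshadow, or content has a PEM
# private-key header. The patterns are a heuristic chosen for this example.
world_readable_secrets() {
    find "$1" -type f -perm -0004 | sort | while IFS= read -r f; do
        case "$f" in
            *.key|*/shadow*|*/gshadow*) printf '%s\n' "$f"; continue ;;
        esac
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' -- "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed demo tree standing in for /usr/lib/jvm and /etc.
demo() {
    t=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$t/usr/lib/jvm/conf" "$t/etc/java"
    echo '# constructed placeholder' > "$t/etc/java/java.security"
    ln -s "$t/etc/java/java.security" "$t/usr/lib/jvm/conf/java.security"
    echo 'constructed' > "$t/etc/tls.key"; chmod 644 "$t/etc/tls.key"
    symlinks_outside "$t/usr" "$t/usr"      # reports the java.security link
    world_readable_secrets "$t/etc"         # reports tls.key
    rm -rf "$t"
}
demo
```

On a real host the first function would be pointed at the JVM directory with the list of directories actually mounted in the box, and the second at /etc; files inside directories that lack o+x are over-reported, since only the file's own mode is checked.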