cvs commit: src/usr.bin/killall killall.1 killall.c src/usr.sbin Makefile src/usr.sbin/jail jail.8 jail.c src/usr.sbin/jexec Makefile jexec.8 jexec.c src/usr.sbin/jls Makefile jls.8 jls.c
Robert Watson
rwatson at FreeBSD.org
Wed Apr 9 15:40:46 PDT 2003
On Wed, 9 Apr 2003, Pawel Jakub Dawidek wrote:
> Nice work!! Global list with all prisons was really needed.
>
> But IMHO JID should be a string, not a number. For example we're running
> many jails at startup or somewhere else and because JID is set dynamically
> there could be problems in writing scripts for handling jails (attaching
> processes to it or something). As we can see on your example, we aren't
> able to find out which jail was run first (looking at PIDs isn't a good
> idea:)). If JID will be a string there will be no such problems.
>
> What do you think?
Hmm. In the jailNG patches, I used a string name for each jail, for
pretty much that reason: jid values are meaningless, but
administrator-provided jail names can be quite a bit more useful. I would
not be opposed to that direction at all, although it's worth noting that
Mike managed to maintain the current ABI and API for jail() with the
current model. One of the issues with user-provided names, if you adopt
the hierarchal jail changes you posted, is how to control the namespace.
Since jail id's have no real meaning themselves, no one really cares which
jail gets jid 2038201. With a jail name, you might care about issues such
as name spoofing, etc. One of the problems that jid's do have, and it's
related, is the race condition issue present for pids: better not get the
wrong jail in the same way we can currently get the wrong process.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories