cvs commit: src/sys/sys msg.h sem.h shm.h
Alexander Leidinger
Alexander at Leidinger.net
Sat Nov 20 13:04:33 GMT 2004
On Fri, 19 Nov 2004 13:14:50 +0000 (GMT)
Robert Watson <rwatson at freebsd.org> wrote:
> - If you have multiple name spaces, it makes it hard for the administrator
> running outside the jail to track and manage IPC resources that are
> leaked in Jails. ipcs and ipcrm are written under the assumption of a
> single name space, and the whole management infrastructure and APIs
> there will become substantially more complicated if multiple name spaces
> exist. Especially given that the resource limits for System V IPC are
> both very concrete and global.

Are you talking about the userland API, or about the in-kernel API?

If you are talking about the userland API: wouldn't it be easier if
we use the following constraints?
- The admin of the host has no direct access to the jail's IPC, only an
  admin in the jail can manage it (the host admin can use jexec to
  manage IPC).
- If a jail gets shut down, all IPC resources of this jail are removed.

Bye,
Alexander.
--
The best things in life are free, but the
expensive ones are still worth a look.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7