Jailed sysvipc implementation.

Pawel Jakub Dawidek nick at garage.freebsd.pl
Wed Jun 25 07:45:31 PDT 2003


On Wed, Jun 25, 2003 at 06:05:18PM +0400, Dmitry Sivachenko wrote:
+> > > Some time ago I've implemented private memory zones for IPC mechanism.
+> > > Every jail and main host got its own memory for IPC operations.
+> > > It was implemented for FreeBSD 4.x. Available at:
+> > > 
+> > > 	http://garage.freebsd.pl/privipc.tbz
+> > > 	http://garage.freebsd.pl/privipc.README
+> > 
+> > I think it would be better to add checks to disallow the use of IPC 
+> > primitives created in one jail from another.
+> > Thus we will avoid allocating separate segments of kernel memory for
+> > each jail.
+> > 
+> > It could be trivially achieved by adding another field to struct ipc_perm,
+> > but Robert Watson said he knows another way of doing this without
+> > breaking ABI (if I understood him right).
+> > 
+> 
+> Please look at his patch:
+> 
+> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
+> 
+> It does slightly different things, but we could borrow from it.

But you've still got *one* memory zone for every jail and main host.
And I want to separate them.

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
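
The two designs discussed in this thread, as an added userspace model that is not part of the original message and is not FreeBSD kernel code: one shared table with an ownership check versus a private table per jail. The `owner` field, the table sizes, the function names and the errno values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAXSEG 4   /* constructed table size */
#define NJAIL  3   /* constructed; id 0 models the main host */

struct seg { int used; long key; int owner; };  /* owner: hypothetical jail-id field */

static struct seg shared[MAXSEG];        /* design 1: one table + ownership check */
static struct seg zone[NJAIL][MAXSEG];   /* design 2: private table per jail */

/* Look up key in table t for the calling jail; create it if asked and absent.
 * Returns the slot index, or a negative errno (error choice is an assumption). */
static int tbl_get(struct seg *t, long key, int jail, int create)
{
    int i, free_slot = -1;

    for (i = 0; i < MAXSEG; i++) {
        if (t[i].used && t[i].key == key)
            return t[i].owner == jail ? i : -EACCES;  /* cross-jail use refused */
        if (!t[i].used && free_slot < 0)
            free_slot = i;
    }
    if (!create)
        return -ENOENT;
    if (free_slot < 0)
        return -ENOSPC;
    t[free_slot].used = 1;
    t[free_slot].key = key;
    t[free_slot].owner = jail;
    return free_slot;
}

/* Callers pass 0 <= jail < NJAIL. */
int shared_get(long key, int jail, int create) { return tbl_get(shared, key, jail, create); }
int zoned_get(long key, int jail, int create)  { return tbl_get(zone[jail], key, jail, create); }

void reset_tables(void) { memset(shared, 0, sizeof shared); memset(zone, 0, sizeof zone); }

int main(void)
{
    shared_get(0x1234, 1, 1);   /* jail 1 creates the key in both designs */
    zoned_get(0x1234, 1, 1);
    printf("shared: jail 2 -> %d\n", shared_get(0x1234, 2, 1));  /* -EACCES */
    printf("zoned:  jail 2 -> %d\n", zoned_get(0x1234, 2, 1));   /* own slot 0 */
    return 0;
}
```

In this model the check-only design keeps one key namespace and one slot limit for all jails, while the per-jail tables give each jail its own of both.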