Jailed sysvipc implementation.
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Wed Jun 25 07:45:31 PDT 2003
On Wed, Jun 25, 2003 at 06:05:18PM +0400, Dmitry Sivachenko wrote:
+> > > Some time ago I implemented private memory zones for the IPC mechanism.
+> > > Every jail and main host got its own memory for IPC operations.
+> > > It was implemented for FreeBSD 4.x. Available at:
+> > >
+> > > http://garage.freebsd.pl/privipc.tbz
+> > > http://garage.freebsd.pl/privipc.README
+> >
+> > I think it would be better to add checks to disallow the use of IPC
+> > primitives created in one jail from another.
+> > Thus we will avoid allocating separate segments of kernel memory for
+> > each jail.
+> >
+> > It could be trivially achieved by adding another field to struct ipc_perm,
+> > but Robert Watson said he knows another way of doing this without
+> > breaking ABI (if I understood him right).
+> >
+>
+> Please look at his patch:
+>
+> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
+>
+> It does slightly different things, but we could borrow from it.
But you still have *one* memory zone for every jail and the main host.
And I want to separate them.
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net