Jailed sysvipc implementation.
Dmitry Sivachenko
demon at FreeBSD.org
Wed Jun 25 08:21:22 PDT 2003
On Wed, Jun 25, 2003 at 05:02:21PM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Jun 25, 2003 at 06:52:33PM +0400, Dmitry Sivachenko wrote:
> +> > But you got still *one* memory zones for every jail and main host.
> +>
> +> Yes, that is exactly what I want.
> +> This is similar to separate IP stack for each jail: this is more powerful
> +> solution, but more expensive (uses more kernel memory).
>
> But note that my implementation allocates memory "on demand".
This is part of the problem: with single memory zone for all jails,
less memory is allocated. With private memory zones, if m jails use IPC,
you need to allocate m*M kbytes (for some value of M you consider
sufficient for one jail).
With one memory zone for all jails, it is enough to allocate N kbytes where
M < N < m*M, because every jail will not use all M kbytes at the same time.
> If IPC syscall will not be used inside of jail memory will not be allocated.
> If think also that this will be trivial to add value to jail struct
> that will thell if we want separate IPC memory zones for this jail or not.
>
> +> Jail is not a true virtual machine.
> +> Let's keep it a *light* virtual machine replacement, with single IP stack,
> +> one memory zones for all jails and host, etc.
>
> I think it should be and it isn't now because of implementaion problems.
> Am I wrong? Poul? Robert?
>
More information about the freebsd-arch
mailing list