jail extensions
Alex Lyashkov
shadow at psoft.net
Wed Jun 7 10:23:37 PDT 2006
>
>
> Marco's work is somewhat similar.
> All globals related to the network are moved to structures that can be
> duplicated.
>
> The base system also uses this structure so that in effect the base
> system is just another instance of the virtual machines. The biggest
> obstacle is that the 4.x based version just put everything into one
> structure, meaning that it only worked when all the components affected
> were compiled into the kernel. None of them could be implemented as a
> loadable kernel module.
> This has become much more important in 6.x.
>
> There is a way to allow this to work but it would require that we
> implement a kernel version of the idea used for TLS (Thread Local
> Storage), so that modules being loaded could be added to all the
> existing VMs and new VMs could get instances of all loaded modules.
> (and so that a module could not be unloaded until all VMs have destroyed
> their instance

It can be created easily. Each module can have its own fully private data and
register init/destroy methods, similar to the SYSINIT macro.
The prison will need an array added to store pointers to the modules' data.
Yes, it will possibly lose more memory, but it is easy to implement.
--
Alex Lyashkov <shadow at psoft.net>
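
The scheme discussed in this message (modules registering init/destroy methods, an array of per-module data pointers in each prison, and unload refused while instances exist), sketched as an added user-space C example. It is not part of the original thread and is not FreeBSD kernel code; every name in it (`mod_ops`, `prison_model`, `mod_register`, `prison_create` and so on) is hypothetical.

```c
#include <stdlib.h>
/* User-space model; every name is hypothetical, not a FreeBSD kernel API. */
enum { MAX_MODS = 8, MAX_PRISONS = 4 };
struct mod_ops { void *(*init)(void); void (*destroy)(void *); int instances; };
struct prison_model { int in_use; void *mod_data[MAX_MODS]; };
static struct mod_ops *mods[MAX_MODS];
static struct prison_model prisons[MAX_PRISONS];
/* Create module s's private instance inside one prison and count it. */
static void attach(struct prison_model *pr, int s) {
    pr->mod_data[s] = mods[s]->init();
    if (pr->mod_data[s] != NULL) mods[s]->instances++;
}
/* Module load: claim a slot, then instantiate in every existing prison. */
int mod_register(struct mod_ops *m) {
    for (int s = 0; s < MAX_MODS; s++) {
        if (mods[s] != NULL) continue;
        mods[s] = m;
        for (int p = 0; p < MAX_PRISONS; p++) if (prisons[p].in_use) attach(&prisons[p], s);
        return s;
    }
    return -1;
}
/* Module unload: refused while any prison still holds an instance. */
int mod_unregister(int s) {
    if (s < 0 || s >= MAX_MODS || !mods[s] || mods[s]->instances > 0) return -1;
    mods[s] = NULL; return 0;
}
/* Prison creation: the new prison gets an instance of every loaded module. */
struct prison_model *prison_create(void) {
    for (int p = 0; p < MAX_PRISONS; p++) {
        if (prisons[p].in_use) continue;
        prisons[p].in_use = 1;
        for (int s = 0; s < MAX_MODS; s++) if (mods[s] != NULL) attach(&prisons[p], s);
        return &prisons[p];
    }
    return NULL;
}
/* Prison teardown: run each module's destroy method on its instance. */
void prison_destroy(struct prison_model *pr) {
    for (int s = 0; s < MAX_MODS; s++) {
        if (mods[s] == NULL || pr->mod_data[s] == NULL) continue;
        mods[s]->destroy(pr->mod_data[s]);
        mods[s]->instances--; pr->mod_data[s] = NULL;
    }
    pr->in_use = 0;
}
/* Constructed sample module: one private counter per prison. */
static void *ctr_init(void) { return calloc(1, sizeof(int)); }
static void ctr_destroy(void *d) { free(d); }
struct mod_ops ctr_mod = { ctr_init, ctr_destroy, 0 };
```

The fixed-size pointer array is the memory cost mentioned in the reply: each prison carries `MAX_MODS` slots whether or not a module is loaded.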
More information about the freebsd-arch
mailing list