jail extensions
Julian Elischer
julian at elischer.org
Wed Jun 7 10:36:01 PDT 2006
Alex Lyashkov wrote:
>>Marco's work is somewhat similar.
>>All globals related to the network are moved to structures that can be
>>duplicated.
>>
>>The base system also uses this structure so that in effect the base
>>system is just another instance
>>of the virtual machines. The biggest obstacle is that the 4.x based
>>version just put everything
>>into one structure, meaning that it only worked when all the components
>>effected were
>>compiled into the kernel. None of them could be implemented as a
>>loadable kernel module.
>>This has become much more important in 6.x.
>>
>>Ther is a way to allow this to work but it would require that we
>>implement a kernel version of
>>the idea used for TLS (Thread Local Storage), so that modules being
>>loaded could be added
>>to all the existing VMs and new VMs could get instances of all loaded
>>modules.
>>(and so that a module could not be unloaded until all VMS have destroyed
>>their instance
>>
>>
>It`s can be created easy. each module can be full own private data and
>register init/destroy methods, similar SYSINIT macro.
>prison will need add array for store pointers to modules data.
>yes, it possible need lost more memory - but easy for implementation.
>
>
"Easy" if you are writing something from scratch and you want it to not
be able to be compiled
the old way too.
More information about the freebsd-arch
mailing list