Unable to stop a jail
Robert Watson
rwatson at FreeBSD.org
Fri Dec 1 04:43:46 PST 2006
On Fri, 1 Dec 2006, Steven Hartland wrote:
>> In essence, this would move to having two reference counts on the prison: a
>> "strong" reference that has to do with having process members, and a "weak"
>> reference that has to do with ucreds pointing at the prison.
>
> The proposal sounds like a good idea but I'm sure there's an argument that
> would say thats just hiding the real underlieing issue?
Well, there are two things going on here:
(1) Jails that last a long time due to being referenced by data structures
that last a long time. I.e., time-wait TCP connections.
(2) Leaks in credentials or jails resulting in jails that never go away.
What I describe is intended to address the former issue, which is one that
exists for a reason. The latter issues are clearly bugs and just need to be
fixed.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-hackers
mailing list