PERFORCE change 169603 for review

Edward Tomasz Napierala trasz at FreeBSD.org
Mon Oct 19 18:38:18 UTC 2009 

http://p4web.freebsd.org/chv.cgi?CH=169603

Change 169603 by trasz at trasz_victim on 2009/10/19 18:38:00

	Fix comments and HRL_HC_PARENTS_MAX value.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#40 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#40 (text+ko) ====

@@ -63,7 +63,7 @@
  */
 struct hrl_rule {
 	int	hr_subject_type;
-#if 1
+#ifdef DIAGNOSTIC
 	struct {
 #else
 	union {
@@ -123,20 +123,28 @@
 
 #define	HRL_AMOUNT_UNDEFINED		-1
 
-#define	HRL_HC_PARENTS_MAX		32
+/*
+ * Processes may have at most three parent containers - prison, uidinfo,
+ * and loginclass.  Other subjects have less - struct prison may have only
+ * one parent container, loginclass and uidinfo structures have none.
+ * This may change when - and if - we add per-group resource limits.
+ */
+#define	HRL_HC_PARENTS_MAX		3
 
 /*
  * 'hrl_container' defines resource consumption for a particular
  * subject, such as process or jail. Containers form a graph - each
  * container has zero or more subcontainers and zero or more
  * "containing" containers (parents).  For example, container for
- * an uidinfo can have several subcontainers for processes for that
+ * an uidinfo can have several subcontainers for processes of that
  * user.  On the other hand, each process can have several containing
- * containers, one per every group this process belongs to.
+ * containers - one for jail the process is in, one for the user,
+ * one for every group this process belongs to (note that per-group
+ * limits are not implemented yet).
  *
  * Every process has exactly one container assigned to it.  Containers
- * for other objects are created when there is a rule which requires it.
- * For example, uidinfo will have container assigned only if there
+ * for other objects are initialized when there is a rule which requires
+ * it.  For example, uidinfo will have container assigned only if there
  * is a rule this uidinfo is subject to, and 'hr_per' for this rule
  * is HRL_SUBJECT_TYPE_USER.
  */
@@ -146,7 +154,7 @@
 };
 
 /*
- * 'hrl_limit' connects rule with every subject it's related to.
+ * 'hrl_limit' connects a rule with every subject it's related to.
  * For example, rule 'user:X:openfiles:deny=N/process' is linked
  * with uidinfo for user X, and to each process of that user.
  */

More information about the p4-projects mailing list