Re: Jailed sysvipc implementation.
From: Pawel Jakub Dawidek (nick_at_garage.freebsd.pl)
Date: 06/25/03
- Previous message: Pawel Jakub Dawidek: "Jailed sysvipc implementation."
- Maybe in reply to: Pawel Jakub Dawidek: "Jailed sysvipc implementation."
- Next in thread: Dmitry Sivachenko: "Re: Jailed sysvipc implementation."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Jun 2003 14:25:39 +0200 To: Max Khon <fjoe@iclub.nsu.ru>
On Wed, Jun 25, 2003 at 06:21:30PM +0700, Max Khon wrote:
+> > Some time ago I've implemented private memory zones for IPC mechism.
+> > Every jail and main host got its own memory for IPC operations.
+> > It was implemented for FreeBSD 4.x. Avaliable at:
+> >
+> > http://garage.freebsd.pl/privipc.tbz
+> > http://garage.freebsd.pl/privipc.README
+> >
+> > I want to port this to FreeBSD 5.x, but with many improvements.
+> > Because of that there are few things to talk about and I'm curious if
+> > anyone will be interested in answering my questions and at the end
+> > commiting this to -CURRENT.
+> >
+> > Patch will not be a "fast hack" so the best way will be commiting this
+> > in parts. I got already working sysvipv_msg mechanism.
+> >
+> > So if anyone is interested in, please inform me and I'll ask my
+> > questions and I'll send also what I got now.
+>
+> I'm interested in reviewing and committing this stuff
Thanks.
So first of all, I implemented something like allocate-on-demand.
Memory zones are allocated only if IPC syscall will be called
from inside of jail. This is the best way, I think, because:
1. We don't allocate memory if this isn't needed.
2. We don't have to fight with locking prisons list when loading
IPC as kld module (allocating memory when lock is holded, ehh).
I'm also proposing to create mirror of those values:
security.jail.ipc.msgmax
security.jail.ipc.msgmni
security.jail.ipc.msgmnb
security.jail.ipc.msgtql
security.jail.ipc.msgssz
security.jail.ipc.msgseg
They will be always read-write and used to calculate memory that
will be allocated for newly created jails.
Is everything what I'm saying sounds reasonable I'll send patch
for sysvipc_msg.
-- Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net
- application/pgp-signature attachment: stored
- Previous message: Pawel Jakub Dawidek: "Jailed sysvipc implementation."
- Maybe in reply to: Pawel Jakub Dawidek: "Jailed sysvipc implementation."
- Next in thread: Dmitry Sivachenko: "Re: Jailed sysvipc implementation."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
