Re: Jailed sysvipc implementation.

From: Pawel Jakub Dawidek (nick_at_garage.freebsd.pl)
Date: 06/25/03

  • Next message: Dmitry Sivachenko: "Re: Jailed sysvipc implementation." 
    Date: Wed, 25 Jun 2003 16:48:49 +0200
To: Dmitry Sivachenko <mitya@cavia.pp.ru>

    On Wed, Jun 25, 2003 at 06:05:18PM +0400, Dmitry Sivachenko wrote:
    +> > > Some time ago I've implemented private memory zones for IPC mechism.
    +> > > Every jail and main host got its own memory for IPC operations.
    +> > > It was implemented for FreeBSD 4.x. Avaliable at:
    +> > >
    +> > > http://garage.freebsd.pl/privipc.tbz
    +> > > http://garage.freebsd.pl/privipc.README
    +> >
    +> > I think it would be better to add checks to disallow the use of IPC
    +> > primitives created in one jail from another.
    +> > Thus we will avoid allocating separate segments of kernel memory for
    +> > each jail.
    +> >
    +> > It could be trivially achieved by adding another field to struct ipc_perm,
    +> > but Robert Watson said he knows another way of doing this without
    +> > breaking ABI (if I understood him right).
    +> >
    +>
    +> Please look at his patch:
    +>
    +> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
    +>
    +> It does slightly different things, but we could borrow from it.

    But you got still *one* memory zones for every jail and main host.
    And I want to separate them. 

    -- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net

  • Next message: Dmitry Sivachenko: "Re: Jailed sysvipc implementation."

    Relevant Pages