Re: Jailed sysvipc implementation.

From: Dmitry Sivachenko (demon_at_freebsd.org)
Date: 06/25/03

  • Next message: Pawel Jakub Dawidek: "Re: Jailed sysvipc implementation."
    Date: Wed, 25 Jun 2003 18:52:33 +0400
    To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
    
    

    On Wed, Jun 25, 2003 at 04:48:49PM +0200, Pawel Jakub Dawidek wrote:
    > On Wed, Jun 25, 2003 at 06:05:18PM +0400, Dmitry Sivachenko wrote:
    > +> > > Some time ago I've implemented private memory zones for IPC mechanism.
    > +> > > Every jail and main host got its own memory for IPC operations.
    > +> > > It was implemented for FreeBSD 4.x. Available at:
    > +> > >
    > +> > > http://garage.freebsd.pl/privipc.tbz
    > +> > > http://garage.freebsd.pl/privipc.README
    > +> >
    > +> > I think it would be better to add checks to disallow the use of IPC
    > +> > primitives created in one jail from another.
    > +> > Thus we will avoid allocating separate segments of kernel memory for
    > +> > each jail.
    > +> >
    > +> > It could be trivially achieved by adding another field to struct ipc_perm,
    > +> > but Robert Watson said he knows another way of doing this without
    > +> > breaking ABI (if I understood him right).
    > +> >
    > +>
    > +> Please look at his patch:
    > +>
    > +> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
    > +>
    > +> It does slightly different things, but we could borrow from it.
    >
    > But you still have *one* memory zone for every jail and main host.

    Yes, that is exactly what I want.
    This is similar to a separate IP stack for each jail: this is a more powerful
    solution, but more expensive (uses more kernel memory).

    Jail is not a true virtual machine.
    Let's keep it a *light* virtual machine replacement, with a single IP stack,
    one memory zone for all jails and host, etc.

    > And I want to separate them.
    >

    Then you should join Marco Zec and contribute to his project.
    Jail will hardly become a true virtual machine.
    _______________________________________________
    freebsd-arch@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-arch
    To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
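
Added example, not part of the original message or of any patch mentioned in the thread: a userland C model of the approach argued for above, where the host and all jails share one IPC table and each object is tagged with the jail that created it. The `jid` field, the `model_*` names, the strict-equality rule (the host, modelled as jid 0, is treated like any other jail) and the use of `EINVAL` for foreign objects are assumptions of this sketch.

```c
/* Userland model of jail-tagged SysV IPC objects; NOT FreeBSD kernel code.
 * All names are hypothetical; jid 0 stands for the host (assumption). */
#include <errno.h>
#include <sys/types.h>

struct model_cred { uid_t uid; int jid; };

struct model_ipc_perm {
    uid_t uid;            /* owner */
    unsigned short mode;  /* 0400/0200 owner bits, 0004/0002 other bits */
    int jid;              /* assumed extra field: creating jail */
    int in_use;
};

#define MODEL_NSEGS 4
/* One table shared by the host and every jail: no per-jail memory zones. */
static struct model_ipc_perm segs[MODEL_NSEGS];

/* Allocate a slot and tag it with the creator's jail. Returns id or -ENOSPC. */
int model_shmget(const struct model_cred *cr, unsigned short mode)
{
    for (int i = 0; i < MODEL_NSEGS; i++) {
        if (!segs[i].in_use) {
            segs[i] = (struct model_ipc_perm){ cr->uid, mode, cr->jid, 1 };
            return i;
        }
    }
    return -ENOSPC;
}

/* Returns 0 if cr may access segment id with the wanted bits (04 read, 02 write). */
int model_ipcperm(const struct model_cred *cr, int id, unsigned short want)
{
    if (id < 0 || id >= MODEL_NSEGS || !segs[id].in_use)
        return EINVAL;
    const struct model_ipc_perm *p = &segs[id];
    /* Jail check comes first and applies to root too. A foreign object is
     * reported like a missing one, so its existence is not disclosed. */
    if (p->jid != cr->jid)
        return EINVAL;
    if (cr->uid == 0)
        return 0;                      /* root, but only inside its own jail */
    unsigned short have = (p->uid == cr->uid) ? (p->mode >> 6) : p->mode;
    return ((have & want) == want) ? 0 : EACCES;
}
```

The point to check in any real implementation is the ordering: the jail comparison runs before the superuser bypass, otherwise root in one jail reaches every object in the shared table.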

