Re: Jailed sysvipc implementation.
From: Dmitry Sivachenko (demon_at_freebsd.org)
Date: 06/25/03
Date: Wed, 25 Jun 2003 18:52:33 +0400
To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
On Wed, Jun 25, 2003 at 04:48:49PM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Jun 25, 2003 at 06:05:18PM +0400, Dmitry Sivachenko wrote:
> +> > > Some time ago I've implemented private memory zones for IPC mechanism.
> +> > > Every jail and main host got its own memory for IPC operations.
> +> > > It was implemented for FreeBSD 4.x. Available at:
> +> > >
> +> > > http://garage.freebsd.pl/privipc.tbz
> +> > > http://garage.freebsd.pl/privipc.README
> +> >
> +> > I think it would be better to add checks to disallow the use of IPC
> +> > primitives created in one jail from another.
> +> > Thus we will avoid allocating separate segments of kernel memory for
> +> > each jail.
> +> >
> +> > It could be trivially achieved by adding another field to struct ipc_perm,
> +> > but Robert Watson said he knows another way of doing this without
> +> > breaking ABI (if I understood him right).
> +> >
> +>
> +> Please look at his patch:
> +>
> +> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
> +>
> +> It does slightly different things, but we could borrow from it.
>
> But you still got *one* memory zone for every jail and main host.
Yes, that is exactly what I want.
This is similar to a separate IP stack for each jail: this is a more powerful
solution, but more expensive (uses more kernel memory).
Jail is not a true virtual machine.
Let's keep it a *light* virtual machine replacement, with a single IP stack,
one memory zone for all jails and host, etc.
> And I want to separate them.
>
Then you should join Marco Zec and contribute to his project.
Jail will hardly become a true virtual machine.
_______________________________________________
freebsd-arch@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
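
The check proposed in this message (one shared IPC table, each object tagged with the jail that created it), as an added userland model in C; it is not code from the thread, from privipc, or from mac_sysvipc.diff. The struct, the `jail_id` field, all function names, treating the host as jail 0, and hiding foreign objects behind ENOENT/EINVAL are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

#define NSEG 8            /* one shared table for the host and all jails */
#define HOST_JAIL 0       /* assumption: the host is modelled as jail id 0 */

/* Hypothetical model: a permission record extended with the creator's jail. */
struct model_ipc_perm {
    long key;             /* IPC key chosen by the creator */
    int  jail_id;         /* added field: jail that created the object */
    int  in_use;
};

static struct model_ipc_perm segs[NSEG];

/* Visibility check: an object is usable only from the jail that created it. */
static int jail_can_use(const struct model_ipc_perm *p, int caller_jail)
{
    return p->in_use && p->jail_id == caller_jail;
}

/* Create an object in the shared table, tagged with the caller's jail.
 * Returns the slot index, or -EEXIST / -ENOSPC. */
int model_create(long key, int caller_jail)
{
    int free_slot = -1;
    for (int i = 0; i < NSEG; i++) {
        if (jail_can_use(&segs[i], caller_jail) && segs[i].key == key)
            return -EEXIST;            /* keys collide only within one jail */
        if (!segs[i].in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return -ENOSPC;                /* the table is shared, so is exhaustion */
    segs[free_slot] = (struct model_ipc_perm){ key, caller_jail, 1 };
    return free_slot;
}

/* Look up by key: objects from other jails are reported as nonexistent. */
int model_get(long key, int caller_jail)
{
    for (int i = 0; i < NSEG; i++)
        if (jail_can_use(&segs[i], caller_jail) && segs[i].key == key)
            return i;
    return -ENOENT;
}

/* Access by id (as with an id handed to shmat/shmctl): a guessed id from another jail fails. */
int model_access(int id, int caller_jail)
{
    if (id < 0 || id >= NSEG || !jail_can_use(&segs[id], caller_jail))
        return -EINVAL;
    return 0;
}
```

The model also shows the cost side of the trade-off discussed above: because the table is shared, one jail filling it causes -ENOSPC for every other jail and for the host.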