Re: Jailed sysvipc implementation.

From: Robert Watson (rwatson_at_freebsd.org)
Date: 06/25/03

  • Next message: Pawel Jakub Dawidek: "Re: Jailed sysvipc implementation."
    Date: Wed, 25 Jun 2003 13:26:28 -0400 (EDT)
    To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
    
    

    On Tue, 24 Jun 2003, Pawel Jakub Dawidek wrote:

    > Some time ago I've implemented private memory zones for IPC mechanism.
    > Every jail and main host got its own memory for IPC operations.
    > It was implemented for FreeBSD 4.x. Available at:
    >
    > http://garage.freebsd.pl/privipc.tbz
    > http://garage.freebsd.pl/privipc.README
    >
    > I want to port this to FreeBSD 5.x, but with many improvements. Because
    > of that there are a few things to talk about and I'm curious if anyone
    > will be interested in answering my questions and at the end committing
    > this to -CURRENT.
    >
    > Patch will not be a "fast hack" so the best way will be committing this
    > in parts. I got already working sysvipv_msg mechanism.
    >
    > So if anyone is interested in, please inform me and I'll ask my
    > questions and I'll send also what I got now.

    We have some initial patches that wrap the user ipcperm structure in a
    kernel-specific structure, which we use to add a MAC label. It would be
    easy to also add a prison pointer. We probably won't get to merging this
    patch for a couple of weeks, but it's worth keeping in mind.

      http://www.watson.org/~robert/freebsd/mac_sysvipc.diff

    This needs style cleanup, bug fixing, testing, etc, but it's the direction
    we're pushing in for MAC right now.

    Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
    robert@fledge.watson.org Network Associates Laboratories

    _______________________________________________
    freebsd-arch@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-arch
    To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
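
The wrapping described in the reply above, sketched as a userland C model. This is an added example, not code from the message or from either patch it links to: every `model_` name is hypothetical, and the strict same-prison lookup is an assumption taken from the quoted description that every jail and the main host get their own IPC memory.

```c
#include <stddef.h>
/* Userland model; every name here is hypothetical, not FreeBSD's. */
struct model_ipc_perm {            /* stands in for the user-visible ipc_perm */
    unsigned int   uid, gid, cuid, cgid;
    unsigned short mode;
    long           key;
};
struct model_label  { int id; };   /* placeholder for an opaque MAC label */
struct model_prison { int id; };   /* placeholder for a jail */
struct model_cred {
    unsigned int         uid;
    struct model_prison *prison;   /* NULL means the main host */
};
/* Kernel-only wrapper: the user structure keeps its layout, and the
 * security state that must never be copied out sits beside it. */
struct model_kern_ipc_perm {
    struct model_ipc_perm u;
    struct model_label   *label;
    struct model_prison  *prison;  /* creator's prison, NULL for the host */
};

/* Record the creator's identity and prison when the object is created. */
void model_ipc_init(struct model_kern_ipc_perm *kp, const struct model_cred *cr,
    long key, unsigned short mode, struct model_label *label)
{
    kp->u.uid = kp->u.cuid = cr->uid;
    kp->u.gid = kp->u.cgid = 0;
    kp->u.mode = mode;
    kp->u.key = key;
    kp->label = label;
    kp->prison = cr->prison;
}

/* Key lookup scoped to the caller's prison: the same key in two jails
 * names two unrelated objects, and the host sees only its own. */
struct model_kern_ipc_perm *model_ipc_find(struct model_kern_ipc_perm *tbl,
    size_t n, const struct model_cred *cr, long key)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].u.key == key && tbl[i].prison == cr->prison)
            return &tbl[i];
    return NULL;
}

/* A stat-style copy-out hands back only the user part of the wrapper. */
void model_ipc_stat(const struct model_kern_ipc_perm *kp, struct model_ipc_perm *out)
{
    *out = kp->u;
}
```

Because the label and prison pointers live only in the wrapper, the structure handed back to userland keeps its existing layout.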

