Re: Jail + sysv shmem
From: Koen Martens (fbsd_at_metro.cx)
Date: 11/28/04
- Maybe in reply to: Koen Martens: "Jail + sysv shmem"
Date: Sun, 28 Nov 2004 21:03:31 +0100
To: freebsd-hackers@freebsd.org
On Sun, Nov 28, 2004 at 12:00:58PM +0000, freebsd-hackers-request@freebsd.org wrote:
> From: Justin Hopper <jhopper@bsdhosting.net>
>
> I know that Pawel @ http://garage.freebsd.pl has a patch for making
> private SysV IPC memory spaces for the host system and each jail:
>
> http://garage.freebsd.pl/privipc.README
>
> The patch is against 4.x though, and I've never tried it. I would
> really like to see something like this implemented for 5.x though. Does
> anyone know if there are plans to implement this in the future 5.x
> releases? If not, I would be interested in helping anyone that wishes
> to try implementing this in 5.3 soon, as we have a lot of clients who
> ask for SysV IPC inside of jailed hosting environments.
Interesting, I will download that and see if it is of any help in my
effort to implement this in FreeBSD 5.x. Thanks for the pointer.
> ------------------------------
>
> Date: Sun, 28 Nov 2004 18:21:06 +1100
> From: Peter Jeremy <PeterJeremy@optushome.com.au>
>
> The sysadmin is likely to need access to:
> 1) look at SysV IPC usage across the entire system
> 2) clean up after a process has died unexpectedly.
>
> Whilst it's possible for the sysadmin to enter the relevant jail and
> look at what is used in that jail, it's very difficult to get an
> overall view of the system in this way - especially if there are lots
> of jails.
Hmm, there is a trade-off: ease of maintenance vs security. I personally
would not want the host system to have access to the jail
systems by IPC. It seems reasonable to make this a sysctl (which can
only be set at boot time).
> Robert Watson was also looking into this recently.
I had some contact with him a while back, about his jailng project.
However, that has been abandoned afaik. How recently have you heard him
talk about this?
Kind regards,
Koen Martens
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program can't read?
Visit http://www.openpgp.org/
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"