Date:      Wed, 25 Jun 2003 14:25:39 +0200
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Max Khon <fjoe@iclub.nsu.ru>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: Jailed sysvipc implementation.
Message-ID:  <20030625122539.GI7587@garage.freebsd.pl>
In-Reply-To: <20030625112130.GA72312@iclub.nsu.ru>
References:  <20030624164602.GW7587@garage.freebsd.pl> <20030625112130.GA72312@iclub.nsu.ru>



On Wed, Jun 25, 2003 at 06:21:30PM +0700, Max Khon wrote:
+> > Some time ago I implemented private memory zones for the IPC mechanism.
+> > Every jail and the main host got its own memory for IPC operations.
+> > It was implemented for FreeBSD 4.x. Available at:
+> >
+> > 	http://garage.freebsd.pl/privipc.tbz
+> > 	http://garage.freebsd.pl/privipc.README
+> >
+> > I want to port this to FreeBSD 5.x, but with many improvements.
+> > Because of that there are a few things to talk about and I'm curious if
+> > anyone will be interested in answering my questions and at the end
+> > committing this to -CURRENT.
+> >
+> > The patch will not be a "fast hack", so the best way will be committing this
+> > in parts. I already have a working sysvipv_msg mechanism.
+> >
+> > So if anyone is interested, please inform me and I'll ask my
+> > questions and also send what I have now.
+>
+> I'm interested in reviewing and committing this stuff

Thanks.

So first of all, I implemented something like allocate-on-demand.
Memory zones are allocated only if an IPC syscall is called
from inside a jail. This is the best way, I think, because:
1. We don't allocate memory if it isn't needed.
2. We don't have to fight with locking the prisons list when loading
   IPC as a kld module (allocating memory while the lock is held, ehh).

I'm also proposing to create a mirror of those values:

	security.jail.ipc.msgmax
	security.jail.ipc.msgmni
	security.jail.ipc.msgmnb
	security.jail.ipc.msgtql
	security.jail.ipc.msgssz
	security.jail.ipc.msgseg

They will always be read-write and used to calculate the memory that
will be allocated for newly created jails.

If everything I'm saying sounds reasonable, I'll send a patch
for sysvipc_msg.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
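
The allocate-on-demand scheme described in the message above, as a userspace C model added here (it is not part of the original mail or of the privipc patch). All struct and function names are hypothetical, the limit values are constructed, and copying the limits at jail creation is an assumption.

```c
/* Userspace model only; every struct and function name here is hypothetical. */
#include <stdint.h>
#include <stdlib.h>

struct ipc_limits {              /* one field per proposed security.jail.ipc.* value */
    size_t msgmax, msgmni, msgmnb, msgtql, msgssz, msgseg;
};
struct ipc_zone { unsigned char *pool; size_t pool_bytes; };
struct prison {
    struct ipc_limits lim;       /* assumed: copied from the template at jail creation */
    struct ipc_zone *zone;       /* NULL until the jail's first IPC syscall */
};

/* Constructed sample values; read-write, so they may change between jail creations. */
struct ipc_limits jail_ipc_template = { 16384, 40, 2048, 40, 8, 2048 };
unsigned zones_allocated;

void prison_init(struct prison *pr) {
    pr->lim = jail_ipc_template; /* later template writes affect only newer jails */
    pr->zone = NULL;             /* no IPC memory is reserved here */
}

/* IPC syscall path: return the jail's zone, allocating it on first use. */
struct ipc_zone *prison_ipc_zone(struct prison *pr) {
    if (pr->zone != NULL)
        return pr->zone;
    const struct ipc_limits *l = &pr->lim;
    /* Writable limits feed the allocation size: reject zero and overflow. */
    if (l->msgssz == 0 || l->msgseg == 0 || l->msgseg > SIZE_MAX / l->msgssz)
        return NULL;
    struct ipc_zone *z = malloc(sizeof(*z));
    if (z == NULL)
        return NULL;
    z->pool_bytes = l->msgssz * l->msgseg;   /* message data pool only */
    z->pool = calloc(1, z->pool_bytes);
    if (z->pool == NULL) {
        free(z);
        return NULL;
    }
    zones_allocated++;
    return pr->zone = z;
}

int main(void) {
    struct prison p;
    prison_init(&p);
    int ok = prison_ipc_zone(&p) != NULL && zones_allocated == 1;
    return ok ? 0 : 1;
}
```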
