From: Alex Lyashkov
To: Julian Elischer
Cc: Robert Watson, freebsd-arch@freebsd.org
Subject: Re: jail extensions
Date: Wed, 07 Jun 2006 17:56:24 +0300
Organization: Positive Software
Message-Id: <1149692184.3224.208.camel@berloga.shadowland>
In-Reply-To: <4486E41B.4000003@elischer.org>

> Marco's work is somewhat similar.
> All globals related to the network are moved to structures that can be
> duplicated.
>
> The base system also uses this structure so that in effect the base
> system is just another instance of the virtual machines. The biggest
> obstacle is that the 4.x based version just put everything into one
> structure, meaning that it only worked when all the components
> affected were compiled into the kernel. None of them could be
> implemented as a loadable kernel module.
> This has become much more important in 6.x.
>
> There is a way to allow this to work but it would require that we
> implement a kernel version of the idea used for TLS (Thread Local
> Storage), so that modules being loaded could be added to all the
> existing VMs and new VMs could get instances of all loaded modules.
> (and so that a module could not be unloaded until all VMs have
> destroyed their instance

It can be created easily. Each module can fully own its private data
and register init/destroy methods, similar to the SYSINIT macro.
The prison will need to add an array to store pointers to the modules'
data. Yes, it possibly needs to lose more memory - but it is easy to
implement.

-- 
Alex Lyashkov
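
The scheme discussed in this message, as an added userspace C model (not code from the thread or from FreeBSD): each module registers init/destroy hooks, each prison carries an array of pointers to per-module data, and a module cannot be unloaded while any prison still holds an instance. All names (`struct vmod`, `struct prison_model`, `vmod_register`, `ctr_init` and the rest) and the fixed limits are hypothetical.

```c
#include <stdlib.h>

enum { MAX_MODS = 8, MAX_PRISONS = 16 };   /* assumed limits for this sketch */
/* Hypothetical per-module hooks, registered once like a SYSINIT entry. */
struct vmod {
    void *(*init)(void);       /* allocate the module's private data */
    void  (*destroy)(void *);  /* release it when a prison goes away */
    int    live, used;         /* live = prisons still holding an instance */
};
struct prison_model { void *mod_data[MAX_MODS]; };  /* one pointer per module slot */
static struct vmod mods[MAX_MODS];
static struct prison_model *prisons[MAX_PRISONS];
static int nprisons;

static void attach(struct prison_model *p, int s) {
    if ((p->mod_data[s] = mods[s].init()) != NULL) mods[s].live++;
}
/* A new prison gets an instance of every loaded module. */
struct prison_model *prison_create(void) {
    struct prison_model *p;
    if (nprisons == MAX_PRISONS || !(p = calloc(1, sizeof(*p)))) return NULL;
    for (int s = 0; s < MAX_MODS; s++)
        if (mods[s].used) attach(p, s);
    return prisons[nprisons++] = p;
}
void prison_destroy(struct prison_model *p) {
    for (int s = 0; s < MAX_MODS; s++)
        if (p->mod_data[s]) { mods[s].destroy(p->mod_data[s]); mods[s].live--; }
    for (int j = 0; j < nprisons; j++)
        if (prisons[j] == p) { prisons[j] = prisons[--nprisons]; break; }
    free(p);
}
/* Loading a module adds an instance to all existing prisons; returns its slot. */
int vmod_register(void *(*init)(void), void (*destroy)(void *)) {
    for (int s = 0; s < MAX_MODS; s++) {
        if (mods[s].used) continue;
        mods[s] = (struct vmod){ init, destroy, 0, 1 };
        for (int j = 0; j < nprisons; j++) attach(prisons[j], s);
        return s;
    }
    return -1;
}
/* Unloading is refused until every prison has destroyed its instance. */
int vmod_unregister(int s) {
    if (s < 0 || s >= MAX_MODS || !mods[s].used || mods[s].live > 0) return -1;
    mods[s].used = 0;
    return 0;
}
void *ctr_init(void) { return calloc(1, sizeof(int)); }  /* constructed sample module */
void ctr_destroy(void *d) { free(d); }
```

The per-slot `live` count is what keeps a prison from being left with a pointer into an unloaded module's data; a kernel version would also need locking around the tables, which this model omits.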