From owner-freebsd-arch Mon Apr 23 17: 0:36 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 9E5D637B440
	for ; Mon, 23 Apr 2001 17:00:33 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3O00lf06647;
	Mon, 23 Apr 2001 20:00:47 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 23 Apr 2001 20:00:47 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Hroi Sigurdsson
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: jailNG
In-Reply-To: <3AE48FFB.69A6142E@asdf.dk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 23 Apr 2001, Hroi Sigurdsson wrote:

> Robert Watson wrote:
>
> > http://www.watson.org/~robert/jailng/
>
> Very nice! What about the possibility of setting a non-overridable
> "nice" value on jails or maybe rlimit?

One issue that does need to be addressed in the new code is a problem
inherited from the old code: a number of services are addressed on the
global scope rather than the jail scope, including resource
limits/accounting. One challenge in the jail implementation is a way to
do this such that the jail code remains (relatively) cleanly abstracted
from the remainder of the system. This is generally true of a number of
namespace-based services, including System V IPC. I've toyed with a
number of ideas, including a p->p_namespace, but haven't reached any
firm conclusions yet, especially regarding situations where multiple
issues (not just jail()) might be associated with namespace management.
In the mean time, I'll continue my general cleanup of the authorization
code.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services