From owner-freebsd-arch  Sun Jul 16  1:48:30 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 50BE337B6AB; Sun, 16 Jul 2000 01:48:25 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id EAA27518;
	Sun, 16 Jul 2000 04:48:16 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 16 Jul 2000 04:48:16 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Warner Losh <imp@village.org>
Cc: Kelly Yancey <kbyanc@posi.net>,
	Julian Elischer <julian@elischer.org>,
	Dan Nelson <dnelson@emsphone.com>, Adrian Chadd <adrian@FreeBSD.ORG>,
	freebsd-arch@FreeBSD.ORG
Subject: Re: SysctlFS 
In-Reply-To: <200007160752.BAA52125@harmony.village.org>
Message-ID: <Pine.NEB.3.96L.1000716044526.27475A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


> You certainly don't want to do that for /dev in jails.  The whole
> point of jails is that you can give them access to a small subset of
> devices that are "safe".

So really, whenever I hear discussion of jail/chroot and synthetic
system-centric file systems, my immediate responses are:

1) Accept the multiple-mounting, and just make sure that our mount
   mechanism is scalable (avoid those linear joints down mount lists, etc)

2) Avoid needing to have additional mounts on the jail (reduce dependence
   on procfs, do not introduce new dependence on procfs)

Right now, you can almost completely run without procfs in jail().  Chris
Costello even has a killall rewritten to use the pseudo-kvm/sysctl
interface.  Presumably some debugging dependencies remain.  Right now we
also certainly don't need a sysctlfs, which while possibly pretty and
elegant, is certainly less scalable than just sysctl().  This leaves
devfs, and if the mount system is scalable enough (currently isn't, I
believe), I don't mind this.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message