Date: Wed, 9 Apr 2003 18:41:03 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Pawel Jakub Dawidek <nick@garage.freebsd.pl> Cc: Mike Barcroft <mike@FreeBSD.org> Subject: Re: cvs commit: src/usr.bin/killall killall.1 killall.c src/usr.sbin Makefile src/usr.sbin/jail jail.8 jail.c src/usr.sbin/jexec Makefile jexec.8 jexec.c src/usr.sbin/jls Makefile jls.8 jls.c Message-ID: <Pine.NEB.3.96L.1030409183734.30751A-100000@fledge.watson.org> In-Reply-To: <20030409142231.GX1280@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Apr 2003, Pawel Jakub Dawidek wrote: > Nice work!! Global list with all prisons was really needed. > > But IMHO JID should be a string, not a number. For example we're running > many jails at startup or somewhere else and because JID is set dynamicly > there could be problems in writing scripts for handle jails (attaching > processes to it or something). As we can see on your example, we aren't > able to find out which jail was ran first (looking at PIDs isn't good > idea:)). If JID will be a string there will be no such problems. > > What you think? Hmm. In the jailNG patches, I used a string name for each jail, for pretty much that reason: jid values are meaningless, but administrator-provided jail names can be quite a bit more useful. I would not be opposed to that direction at all, although it's worth noting that Mike managed to maintain the current ABI and API for jail() with the current model. One of the issues with user-provided names, if you adopt the hierarchal jail changes you posted, is how to control the namespace. Since jail id's have no real meaning themselves, no one really cares which jail gets jid 2038201. With a jail name, you might care about issues such as name spoofing, etc. One of the problems that jid's do have, and it's related, is the race condition issue present for pids: better not get the wrong jail in the same we we can currently get the wrong process. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030409183734.30751A-100000>